After reports broke yesterday about a whopping 780GB of data being swiped from the gaming giant Electronic Arts (EA), we already know how the heist was pulled off, at least according to the hackers’ telling.
A “representative for the hackers” told Motherboard on Friday that the scheme was actually pretty simple: They allegedly started by buying stolen cookies online for $10 each, and then used those to get access to one of EA’s corporate Slack channels. Apparently, EA’s Slack etiquette isn’t the most secure—we’ve previously seen researchers discover a former engineer for the company leaving the names of EA’s corporate Slack channels in a public code repo. Whether that early 2020 incident played a role here is still unknown.
Per Motherboard, the next step was messaging EA’s IT support team to pretend that the hackers had “lost [their] phone at a party last night,” before asking the staffer for a multi-factor authentication token. Once they had their hands on that token, the hackers’ rep said, they were able to walk right into EA’s corporate network, which led them to the hub where some of EA’s developers compile their games. Pretty soon, the fraudsters were downloading material for the Playstation VR, internal documents on AI in gaming, and some documents on how EA “creates digital crowds in the FIFA games.”
Meanwhile, EA reps previously confirmed to Gizmodo that the hack started and ended with this trove of data, which also reportedly included the source code for the company’s game engine, FrostBite. “No player data was accessed, and we have no reason to believe there is any risk to player privacy,” the spokesperson said, noting that the company has “already made security improvements” in response to the hack. Hopefully one of those buffs makes their Slack channels a bit less hackable.