After yesterday broke reports of as much as 780 GB of data gets swiped from the gaming giant Electronic Arts (EA), we already know how the heist was pulled off, at least according to the hackers’ tale.
A “representative of the hackers” told the motherboard Friday that the scheme was actually quite simple: They reportedly started buying stolen cookies online for $ 10 each, and then used them to access one of EA’s corporate Slack channels. Apparently, EA’s Slack label is not the safest – we have previously seen Researchers discover a former engineer for the company, leaving the names of EA’s corporate Slack channels in a public repo. Whether it’s early in 2020 unintended event played a role here is still unknown.
Per motherboard, the next step was to send a message to EA’s IT support team pretending that the hackers had “lost [their] phone for a party last night, ”before asking the employee for a multi-factor approval token. Once they had their hands on this token, the hackers’ representative said they were able to go straight into EA’s corporate network, which led them to the hub where some of EA’s developers were compiling their games. Soon, the scammers downloaded material for Playstation VR, internal documents about AI in games and some documents about how EA “creates digital crowds in FIFA games.”
Meanwhile, EA is rehearsing previously confirmed to Gizmodo that the hack started and ended with this amount of data, which also allegedly including the source code of the company’s games engine, FrostBite. “No player data was accessed and we have no reason to believe there is any risk to players’ privacy,” the spokesman said, noting that the company “has already made security improvements” in response to the hack. Hopefully one of these buffs makes their Slack channels a little less hackable.