Hackers have broken into gaming giant Electronic Arts, the publisher of Battlefield, FIFA, and The Sims, and stole a wealth of game source code and related internal tools.
“You have full capability of exploiting on all EA services,” the hackers claimed in various posts on underground hacking forums viewed by Motherboard. A source with access to the forums, some of which are locked from public view, provided Motherboard with screenshots of the messages.
In those forum posts the hackers said they have taken the source code for FIFA 21, as well as code for its matchmaking server. The hackers also said they have obtained source code and tools for the Frostbite engine, which powers a number of EA games including Battlefield. Other stolen information includes proprietary EA frameworks and software development kits (SDKs), bundles of code that can make game development more streamlined. In all, the hackers say they have 780gb of data, and are advertising it for sale in various underground hacking forum posts viewed by Motherboard.
EA confirmed to Motherboard that it had suffered a data breach and that the information listed by the hackers was the data that was stolen.
“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” an EA spokesperson told Motherboard in a statement. “No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”
Along with their forum posts the hackers shared a small selection of screenshots claiming to demonstrate their access to EA data, but did not publicly distribute any of the internal data itself. Instead, the hackers are, at least ostensibly, trying to sell the information.
“Only serious and rep [reputation] members all other would be ignored,” the hackers wrote in their post.