EA hack reportedly used stolen cookies and Slack to target gaming giant

Hacker Typing
(Image credit: Shutterstock)
Audio player loading…

New details have emerged regarding how the cybercriminals behind the recent EA hack (opens in new tab) were able to gain access to the company's corporate network and steal 780GB of source code, SDKs and other proprietary tools.

According to a new report (opens in new tab) from Vice's Motherboard, the hackers responsible were allegedly able to break into EA's network by tricking one of its employees to provide a login token over Slack (opens in new tab).

The news outlet spoke with a representative for the hackers over online chat who explained that the attack, which led to a data breach (opens in new tab), first began by purchasing stolen cookies on the Dark Web (opens in new tab) for just $10. These cookies were then used to gain access to a Slack channel used internally by EA.

While clearing the cookies from your web browser (opens in new tab) isn't difficult, failing to do so can have huge implications as they can be used to save login details for websites and other online services. In this case, the stolen cookies purchased by the hackers allowed them to gain access to one of EA's Slack channels. Finding one of the company's Slack channels was also likely easy for the attackers as Motherboard reported last year that an ex-engineer from the company had left a list of them in a public facing code repository.

Breaching EA's network

After gaining access to one of EA's Slack channels, the hackers then messaged the company's IT department for support explaining that they had lost their phone at a party the previous night.

From here, they requested a multifactor authentication (MFA (opens in new tab)) token which they used to gain access to the company's corporate network. Apparently this 'trick' worked successfully two times according to the hackers' representative.

Once inside EA's network, the hackers discovered a service used by developers at EA for compiling games and were able to successfully log in. By creating a virtual machine (opens in new tab), they gained more visibility into the network which allowed them to access an additional service and begin downloading the source code for FIFA 21 (opens in new tab) and the Frostbite engine (opens in new tab).

EA is currently in the process of investigating the data breach and the company is also working with law enforcement agencies to determine the full extent of the hack.

Via Vice (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.