New details have emerged regarding how the cybercriminals behind the recent EA hack (opens in new tab) were able to gain access to the company's corporate network and steal 780GB of source code, SDKs and other proprietary tools.
According to a new report (opens in new tab) from Vice's Motherboard, the hackers responsible were allegedly able to break into EA's network by tricking one of its employees to provide a login token over Slack (opens in new tab).
The news outlet spoke with a representative for the hackers over online chat who explained that the attack, which led to a data breach (opens in new tab), first began by purchasing stolen cookies on the Dark Web (opens in new tab) for just $10. These cookies were then used to gain access to a Slack channel used internally by EA.
- We've built a list of the best endpoint protection software (opens in new tab) around
- Keep your devices virus free with the best malware removal software (opens in new tab)
- Also check out our roundup of the best firewall (opens in new tab)
While clearing the cookies from your web browser (opens in new tab) isn't difficult, failing to do so can have huge implications as they can be used to save login details for websites and other online services. In this case, the stolen cookies purchased by the hackers allowed them to gain access to one of EA's Slack channels. Finding one of the company's Slack channels was also likely easy for the attackers as Motherboard reported last year that an ex-engineer from the company had left a list of them in a public facing code repository.
Breaching EA's network
After gaining access to one of EA's Slack channels, the hackers then messaged the company's IT department for support explaining that they had lost their phone at a party the previous night.
From here, they requested a multifactor authentication (MFA (opens in new tab)) token which they used to gain access to the company's corporate network. Apparently this 'trick' worked successfully two times according to the hackers' representative.
Once inside EA's network, the hackers discovered a service used by developers at EA for compiling games and were able to successfully log in. By creating a virtual machine (opens in new tab), they gained more visibility into the network which allowed them to access an additional service and begin downloading the source code for FIFA 21 (opens in new tab) and the Frostbite engine (opens in new tab).
EA is currently in the process of investigating the data breach and the company is also working with law enforcement agencies to determine the full extent of the hack.
- We've also featured the best antivirus (opens in new tab)
Via Vice (opens in new tab)