Hackers reportedly used EA Games’ Slack to breach network, access source code
Hackers who reportedly stole valuable source code from games company Electronic Arts did so by first infiltrating the company’s Slack, a representative for a group claiming credit for the attack told Motherboard.
For just $10, the hackers purchased a cookie that allowed them to infiltrate the $5 billion company’s Slack. They then posed as an employee to convince at IT administrator to grant them authentification to get into the company’s corporate network.
The EA hack, first reported by Motherboard, included some game source code and related tools. No player data was accessed in the breach and the company does not expect the hack to impact its games, EA said in a statement.
EA did not immediately respond to an email asking for verification of the hackers’ claims that they leveraged Slack to carry out the operation.
The attack highlights the vulnerabilities created by workplace communication technologies, which have skyrocketed in use during the pandemic. The switch to remote workspaces has created new ways for cybercriminals to target organizations, though many companies have been slow to adjust their security practices for the new reality.
“We have to update the protocols we use for ID verification because when a lot of these protocols were written we were in the office together — we could talk to each other, we could see each other’s faces,” says Rachel Tobac, a hacker and CEO of the vendor SocialProof Security.
Tobac recommends that IT professionals use two forms of communication to confirm an individual’s identity before fulfilling their request. For instance, if a user makes a request for system access over Slack, send them a reset via their corporate email.
“Many times an attacker hasn’t popped everything at once,” she says.
IT support hacks can also work in other ways. The perpetrator of a 2020 Twitter hack involving multiple high-profile accounts posed as an IT support operator to trick employees into handing over credentials.
Now, the theft of EA’s source code could create a host of problems for the company, researchers note.
“The danger of this attack lies primarily in the fact that the source code of FIFA 21 and other games has been stolen,” Boris Larin, senior security researcher at Kaspersky’s GReAT, said in a statement. “FIFA 21 is of primary interest to the attackers as the game has its own virtual currency, which is in high demand.”
The FBI has gone after hackers for allegedly defrauding the game’s currency before.
Hackers first started offering the EA source code in early May, according to researchers at Intel 471. Other groups jumped in to offer the same data this week, though it’s unclear which group is the original source.
Researchers at Akamai have noticed a rise in attacks against the gaming industry over the past year.
“Gaming companies have an additional attack surface: the games themselves,” Steve Ragan, a security researcher at Akamai, wrote in an email. “There’s also still a big market for cheat codes, cracks, and mods in the gaming industry that criminals take advantage of every day.”
Both game makers Capcom and CD Projekt Red — best known for the game Cyberpunk 2077 — suffered ransomware attacks within the past year, with source code being auctioned off.
