The hackers who attacked a game developer company Electronic Arts last month have released the entirety of the stolen data on a hacker forum after they could not extort the company nor sell the data.
The data, which was dumped on an underground cybercrime platform on July 26, is now being distributed on torrent sites by various users. The leaked files include the source code of the latest version of the FIFA 21 soccer game and tools to support EA’s server-side services.
The details of the leak were first revealed on June 10, when hackers posted the data from Electronic Arts and asked $28 million for it.
The hackers said they gained access to the data through an EA internal Slack channel after buying authentication cookies from a dark web marketplace Genesis. The hackers used the cookies to gain unauthorized access to the company’s Slack by mimicking an account of a logged-in EA employee. They then tricked an EA IT support person into giving them access to the company’s network. From there, the hackers downloaded over 780GB of code from the company’s internal code repository.
The hackers initially hoped to make big money from the breach, but they failed to find anyone interested in the stolen data. After failing to find a buyer for their data, the hackers tried to extort EA by demanding that the company pay an undisclosed sum for keeping the data private.
They first released a 1.3GB FIFA source code cache on July 14, but they later released the entire data after EA did not give in to their threats.
EA has confirmed that no player data was accessed during the breach, and the company has no reason to believe that there is any risk to their privacy.
“Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business,” an EA spokesperson told The Record. “We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”