Hackers Have Released EA’s Source Code Online

Hackers Have Released EA’s Source Code Online
Image: EA/DICE

After refusing an open call for ransom — and after failing to get a media outlet to do it for them — the hackers responsible for stealing hundreds of gigabytes of source code from EA leaked everything online.

The data, a dump totalling about 780GB of source code including files on FIFA 21, FIFA 22 and EA’s internal Frostbite engine which powers games from Battlefield to Mass Effect Andromeda, is reportedly being shared around torrent sites after being released on the dark web in late July.

The Record, which downloaded a copy of the data, posted some screenshots of the files available in the folder.

ea leak
Image: The Record

In a statement after the initial leak, EA said the hackers did not get access to any player data. “We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation,” EA said, adding that “we’ve already made security improvements and do not expect an impact on our games or our business”.

The bigger problem with this isn’t necessarily for EA or the FIFA series, but what might happen now that people can get a better look at the inner workings of Frostbite. One particular concern could be with Battlefield 2042: I’m sure cheat manufacturers would love to peek under Frostbite’s hood, especially given how accessible cheats are on PC and console these days.

According to VICE’s Motherboard, the hackers gained access to EA’s data by purchasing a stolen Slack cookie from the dark web. The hackers then used social engineering to trick an EA employee to provide login details, using the ruse that “we lost our phone at a party last night”. That allowed them to gain access to EA’s internal corporate network, revealing an internal service used by EA developers for compiling game builds.

Comments

  • “See, we’ll really do it!”

    Well, on the one hand, companies know that some groups will actually do what they’re threatening to with their stolen codes.

    On the other hand, hopefully there’ll be even longer jail sentences for them once the authorities get their hands on them.

      • Russia like china won’t ever extradite its own citizens if they are going to be charged with something in a foreign country.

        So they wont go to jail, But they wont ever be able to leave russia.

    • “as part of this ongoing criminal investigation”. Which criminal act is that? The piss-poor security they have on their network which anyone can circumvent? I’m sure they’ll blame the poor underpaid customer service shlep who was just trying to keep a seemingly legit client’s access going and his job! The real question is, who/how/where did they get this alleged slack cookie from…? And why is that deemed enough backup ID for customer service to allow clients to circumvent basic access controls?

      • If i leave my door open and unlocked and someone comes in and steals my TV, That person would still be charged with burglary.

        It being easy to break in doesn’t suddenly make every act afterwards legal.

        • indeed. but in this situation (if we are playing along) the tv is a no name asian export than can only manage 1080p if you look at it from the right angle.

    • I think in this case the problem is that EA had no guarantee that this wouldn’t have happened if they paid.

      There’s a big difference between paying a ransom to criminals to get your data back and paying a ransom to criminals in exchange for their promise to delete their copy of your data.

Show more comments

Log in to comment on this story!