Hackers breached Electronic Arts (EA) by acquiring authentication cookies for an internal Slack channel from a dark web marketplace. Using these, they impersonated an EA employee, tricked IT support into granting network access, and exfiltrated **780GB of source code**, including the FIFA 21 game and server-side tools. After failing to extort EA or sell the data (valued at $28M initially), the attackers dumped the entire cache on underground forums and torrent sites. EA confirmed **no player data was compromised**, and the stolen assets were primarily proprietary code with limited black-market value. The company stated no risk to player privacy or business operations, though security improvements were implemented. Law enforcement is involved in the ongoing investigation.
Source: https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt
TPRM report: https://www.rankiteo.com/company/electronic-arts
"id": "ele4503245102825",
"linkid": "electronic-arts",
"type": "Breach",
"date": "6/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 'None (no player data '
                                              'compromised)',
                        'industry': 'Video Games',
                        'location': 'Redwood City, California, USA',
                        'name': 'Electronic Arts (EA)',
                        'size': 'Large (12,900+ employees as of 2021)',
                        'type': 'Public Company'}],
 'attack_vector': ['Credential Theft (Authentication Cookies)',
                   'Social Engineering',
                   'Internal Network Access via Slack'],
 'customer_advisories': 'None issued (no customer data compromised)',
 'data_breach': {'data_exfiltration': 'Yes (780GB)',
                 'file_types_exposed': ['Source Code Files',
                                        'Server-Side Tools'],
                 'personally_identifiable_information': 'No',
                 'sensitivity_of_data': 'High (Proprietary Code, but no '
                                        'PII/Financial Data)',
                 'type_of_data_compromised': ['Source Code',
                                              'Internal Development Tools']},
 'date_detected': '2021-06-10',
 'date_publicly_disclosed': '2021-06-10',
 'description': 'Hackers breached Electronic Arts (EA) in June 2021, stealing '
                '780GB of source code, including FIFA 21 and internal tools. '
                'After failing to extort EA or sell the data, they released '
                'the full cache on underground forums and torrent sites in '
                'July 2021. The breach was facilitated by purchasing '
                'authentication cookies for EA’s internal Slack channel from '
                'the Genesis dark web marketplace, followed by social '
                'engineering to gain network access. EA confirmed no player '
                'data was compromised and stated the incident would not impact '
                'games or business operations.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'high-profile leak, though EA '
                                       'downplayed risks',
            'data_compromised': ['Source Code (FIFA 21, Internal Tools)',
                                 '780GB of Internal Code Repositories'],
            'identity_theft_risk': 'None (no player data accessed)',
            'operational_impact': 'None reported; EA stated no impact on games '
                                  'or business',
            'payment_information_risk': 'None',
            'systems_affected': ['EA Internal Slack Channel',
                                 'Code Repositories',
                                 'Server-Side Service Tools']},
 'initial_access_broker': {'data_sold_on_dark_web': 'No (attempted sale '
                                                    'failed; data dumped for '
                                                    'free)',
                           'entry_point': 'EA Internal Slack Channel (via '
                                          'stolen authentication cookies)',
                           'high_value_targets': ['Source Code Repositories',
                                                  'FIFA 21 Game Files']},
 'investigation_status': 'Ongoing (as of July 2021, with law enforcement '
                         'involvement)',
 'lessons_learned': '1. Authentication cookies (e.g., Slack) are high-value '
                    'targets for initial access brokers. 2. Social engineering '
                    'remains effective against IT support teams. 3. '
                    'Proprietary source code, while valuable to the company, '
                    'may lack resale value in cybercriminal markets. 4. Public '
                    'disclosure strategies can mitigate reputational harm even '
                    'after large-scale leaks.',
 'motivation': ['Financial Gain (Extortion)',
                'Data Monetization (Failed Sale)'],
 'post_incident_analysis': {'corrective_actions': ['Unspecified security '
                                                   'improvements implemented '
                                                   'by EA.',
                                                   'Collaboration with law '
                                                   'enforcement for criminal '
                                                   'investigation.'],
                            'root_causes': ['Purchase of EA Slack '
                                            'authentication cookies from '
                                            'Genesis marketplace.',
                                            'Successful social engineering of '
                                            'IT support to gain network '
                                            'access.',
                                            'Lack of segmentation or '
                                            'monitoring for unusual access '
                                            'patterns.']},
 'ransomware': {'data_encryption': 'No',
                'data_exfiltration': 'Yes',
                'ransom_demanded': ['$28 million (initial sale attempt)',
                                    'Undisclosed sum (extortion attempt)'],
                'ransom_paid': 'No'},
 'recommendations': ['Implement multi-factor authentication (MFA) for internal '
                     'communication platforms like Slack.',
                     'Conduct regular security training for IT support staff '
                     'to prevent social engineering attacks.',
                     'Monitor dark web marketplaces for stolen credentials or '
                     'authentication tokens.',
                     'Segment internal networks to limit lateral movement '
                     'post-breach.',
                     'Evaluate the sensitivity of source code and apply '
                     'additional access controls or encryption.'],
 'references': [{'date_accessed': '2021-07-26',
                 'source': 'The Record',
                 'url': 'https://therecord.media'},
                {'date_accessed': '2021-06',
                 'source': 'Motherboard (Vice)',
                 'url': 'https://www.vice.com/en/topic/motherboard'}],
 'response': {'communication_strategy': ['Public Statement (The Record)',
                                         'Downplayed Risks'],
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'remediation_measures': ['Security Improvements (unspecified)'],
              'third_party_assistance': ['Law Enforcement',
                                         'Cybersecurity Experts']},
 'stakeholder_advisories': 'EA issued statements to media outlets (The Record) '
                           'confirming no player data was accessed and no '
                           'expected business impact.',
 'threat_actor': ['Unknown Hacking Group', 'Opportunistic Cybercriminals'],
 'title': 'Electronic Arts (EA) Data Breach and Source Code Leak',
 'type': ['Data Breach', 'Source Code Theft', 'Extortion Attempt'],
 'vulnerability_exploited': ['Weak Authentication (Slack Cookies)',
                             'Human Error (IT Support Tricked)']}