Source code allows hackers to meddle with the inner workings of a game. EA allegedly ignored these security holes in their domains for months after they were discovered by the Israeli cybersecurity firm Cyberpion. Lack of domain security: 15 EA sites served login pages over HTTP rather than HTTPS, EA subdomains were left exposed online from expired certificates, and multiple DNS misconfigurations left their domains vulnerable to takeovers.It might seem annoying, but it’s better than having an impersonator ransack years of your company's hard work. Certain files and services should be locked and at least require 2FA authentication to access. With EA, this was the case when the hackers found and accessed the service that developers use for compiling games. Lack of network security: OK, so hackers managed to infiltrate EA’s network, but that doesn’t mean they should automatically get access to certain files and documents.Cookies on websites and apps save your login details and other data that could potentially allow a hacker to sign in to places with your details. Hackers stole login data from stolen cookies purchased for $10 on underground forums. Lack of cookie security: This brings us nicely to the risks of cookie session data.It may seem insignificant, but if a hacker knows your work’s Slack channel names, all they have to do is steal login credentials and wreak havoc in your name. The EA engineer: In a supposedly unrelated 2020 incident, an EA engineer left a list of EA Slack channels in a public facing code repository.And all it took was a petty excuse like losing your phone at a party the night before. This one staff member was a small but major gateway into EA’s systems. The IT support employee: Although the hacker managed to log in to Slack as an EA employee, perhaps other measures should have been taken by IT to grant access to the network.We defined 5 make-or-break points for this hack to work, which we’re going to outline below to help you strengthen your security: We’ve been warning our readers about the dangers of social engineering attacks for years, and now you can see just how easy it is to cause massive damage. This was a social engineering attack, which is a fancy way of saying “you were tricked by a hacker”. Screenshot of the hackers post found on an underground forum. Source code for Frostbite which powers games like Battlefield.Source code for FIFA21, including matchmaking tools.(Cookies save login details that can potentially allow someone else to sign in as you).Īs reported by, the hackers boasted on underground platforms that anyone willing to pay $28 million will “gain full capability of exploiting all EA services”. The hackers were able to log in to Slack as an EA employee after buying stolen cookies for $10 on an underground forum. By logging in to EA’s Slack as an existing employee and tricking IT support staff, hackers got away with stealing the source code for FIFA 21 and Frostbite, as well as classified documents on AI, VR, and digital FIFA crowds.Īfter telling the IT staff that they’d “lost their phone at a party last night”, they were issued a multi-factor authentication token granting them access to EA’s corporate network.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |