Hackers have broken into the systems of Electronic Arts, one of the world’s biggest video game publishers, and stolen source code used in company games.
Online forum posts reviewed by CNN Business and vetted by an independent cybersecurity expert show that on June 6, hackers claimed to have obtained 780 gigabytes of data from EA (EA), including the Frostbite source code, which is the game engine that powers the FIFA, Madden, and Battlefield series of video games, among others.
The hackers claimed to offer “full capability of exploiting on all EA services.” They also claimed to have stolen software development tools for FIFA 21 and server code for player matchmaking in FIFA 22.
Brett Callow, the cybersecurity expert and a threat analyst at Emsisoft, said losing control over source code could be problematic for EA’s business. “Source code could, theoretically, be copied by other developers or used to create hacks for games,” he said.
“Anytime source code gets leaked it’s not good,” said Ekram Ahmed, a spokesperson for the cybersecurity firm Check Point. “Hackers can comb through the code, identify deeper flaws for exploit, and sell that previous code on the dark web to malicious threat actors.”
Player data was not compromised in the breach, the EA spokesperson said.
“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” the EA spokesperson said. “No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”
The data breach was first reported by Vice, which cited some of the same forum posts. The EA spokesperson confirmed that EA’s statement is in response to the breach Vice reported.
The breach comes as cyber attacks are once again gaining more attention, with ransomware attacks hitting top infrastructure companies such as the meatpacking business JBS USA and the fuel distributor Colonial Pipeline.
The EA breach was not a ransomware attack, the spokesperson said.