In a huge Cyber Security Event, after a failed attempt at extortion, some hackers have leaked online a massive amount of 751 GB cache data that they previously stole from Electronics Arts. These files included the source code of the popular FIFA 21 game. The hackers had expected a large sum of money from EA Sports given the massive popularity of the game, but they refused to budge resulted in the leak earlier.
The criminals tried to sell the FIFA 21 source code on the internet as well but it also went in main as there were no takers. In the end, they dumped the whole thing on torrent sites. Now any individual can end up setting up private servers to play the game with their friends however it strongly inadvisable. Other than the piracy aspect of the activity the hackers may also try to spread malicious viruses, ransomwares or other such thing embedded with the code which might have the opportunity to spread to large sections. Although EA officials have said that the hackers could not access player data, it remains to be seen how much of that is the truth.
In an interview couple of months back, one of the cybercriminals revealed that they had purchased stolen authentication cookies for an EA internal Slack channel for $10. It was sold in a dark web marketplace called Genesis. The cookies were later used to replicate the account of an EA worker, allowing them access to the company’s Slack channel. The hackers then played a bit of social engineering by tricking an IT support staff to grant them access to the internal code repositories of the company.
Such security breaches are a major wake up call for organisations to improve their security posture with the ever changing threat landscape. There is no alternative to “Zero Trust” in this current day and age. Security needs to smarter, more scalable and more importantly with “Zero Trust Architecture”.