Current Events > Hackers steal source code to 'FIFA 2021' and Frostbite engine from EA

(+) Yeah! (+)

https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code

Hackers have broken into gaming giant Electronic Arts, the publisher of Battlefield, FIFA, and The Sims, and stole a wealth of game source code and related internal tools, Motherboard has learned. "You have full capability of exploiting on all EA services," the hackers claimed in various posts on underground hacking forums viewed by Motherboard. A source with access to the forums, some of which are locked from public view, provided Motherboard with screenshots of the messages. In those forum posts the hackers said they have taken the source code for FIFA 21, as well as code for its matchmaking server. The hackers also said they have obtained source code and tools for the Frostbite engine, which powers a number of EA games including Battlefield. Other stolen information includes proprietary EA frameworks and software development kits (SDKs), bundles of code that can make game development more streamlined. In all, the hackers say they have 780gb of data, and are advertising it for sale in various underground hacking forum posts viewed by Motherboard.

EA confirmed to Motherboard that it had suffered a data breach and that the information listed by the hackers was the data that was stolen. "We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen," an EA spokesperson told Motherboard in a statement. "No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, weve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation." Along with their forum posts the hackers shared a small selection of screenshots claiming to demonstrate their access to EA data, but did not publicly distribute any of the internal data itself. Instead, the hackers are, at least ostensibly, trying to sell the information.


---

"Hackers"

---

The dreaded hacker, 4chan

---

Again, why in the hell are critical systems connected to the internet?

Oh no...not EA...

---

Questionmarktarius posted...

Again, why in the hell are critical systems connected to the internet?

Pandemic likely means many need access from home.

---

Maybe they'll make Bad Company 3

another vice article that's most certainly 100% accurate
/s

Funkydog posted...

Pandemic likely means many need access from home.

You don't access remote systems through the internet. You have a VPN that connects to a proxy and the proxy can get to the remote systems.

The hack suggests either an employee ran a trojan from email or there was a major security flaw in FIFA itself.

---

Tyranthraxus posted...

You don't access remote systems through the internet. You have a VPN that connects to a proxy and the proxy can get to the remote systems.

The hack suggests either an employee ran a trojan from email or there was a major security flaw in FIFA itself.

Well sure, I just meant that possibly a compromised person accessed it from home and had shit security on their own things.

---

I quoted you but was mostly addressing Questionmarktarius WRT the servers in question most likely do not have internet access.

I can't speak for everyone obviously but at my job not even our webservers have internet access.

---

Fair enough. It would be surprising if they did, but also wouldn't surprise me in just how lax many places actually are with security.

---

nothanks1 posted...

another vice article that's most certainly 100% accurate
/s

https://mediabiasfactcheck.com/vice-news/

Factual Reporting: MOSTLY FACTUAL
Country: USA (45/180 Press Freedom)
Media Type: Website
Traffic/Popularity: High Traffic
MBFC Credibility Rating: HIGH CREDIBILITY

---

nothanks1 posted...

another vice article that's most certainly 100% accurate
/s

There are other sources for this story and like said in OP EA admitting hack took place.

https://www.theverge.com/2021/6/10/22528003/ea-data-breach-frostbite-fifa-internal-tools-hack
https://www.engadget.com/electronic-arts-hacked-164608934.html

---

RIP EA. Now someone else is gonna make FIFA.

---

TheVipaGTS posted...

RIP EA. Now someone else is gonna make FIFA.

The chances of this bringing down EA are essentially zero.

Tyranthraxus posted...

not even our webservers have internet access

Hold on, what?

Questionmarktarius posted...

Hold on, what?

Our public IP points to a load balancer. The load balancer then routes the request using private addresses to webservers (and ftp servers) and those servers respond to the load balancer who then passes the request back to the client. The webservers themselves don't have internet access.

---

Tyranthraxus posted...

Our public IP points to a load balancer.

Ah. Nice.

Tyranthraxus posted...

Our public IP points to a load balancer. The load balancer then routes the request using private addresses to webservers (and ftp servers) and those servers respond to the load balancer who then passes the request back to the client. The webservers themselves don't have internet access.

Hello, I'm still obtaining my networking certs, but I've not heard of something like this. Can you explain more so I can learn? Does your load balancer double as a router? Is it the demarc point for your network?

---

Good, fuck EA & especially fuck all the shady shit they do in FIFA.

_Daydream posted...

Hello, I'm still obtaining my networking certs, but I've not heard of something like this. Can you explain more so I can learn? Does your load balancer double as a router? Is it the demarc point for your network?

I don't work with the guys that manage it so I don't have all the technical details but the load balancer is not a router. Routers serve up a specific machine based on the address you ask it for. The load balancer looks at your request and determines which server to send your request to based on the rules it's given. For example "round robin" just sends every request to a different server, or "sticky sessions" which sends requests from the same client to the same server regardless of load which is necessary for web sessions that have things in session memory.

This is also how you patch webservers and update websites without bringing everything down. Tell the load balancer to send all requests to server A, patch & reboot server B, tell the load balancer to send all requests to server B, patch and reboot server A, tell the load balancer to send to both servers.

Log wise our webservers document all requests as if they're coming from a private IP address but they're actually coming from the load balancer. The client IP address is in the load balancer and through some voodoo magic it knows how to send a response from a specific webserver back to the client that requested it. There's some additional voodoo magic applied by our cto that tracks the real client IP address in a custom field in our logging but I don't know anything about that.

---

Good, maybe they will be forced to create a new engine for Madden now

---

Tyranthraxus posted...

I don't work with the guys that manage it so I don't have all the technical details but the load balancer is not a router. Routers serve up a specific machine based on the address you ask it for. The load balancer looks at your request and determines which server to send your request to based on the rules it's given. For example "round robin" just sends every request to a different server, or "sticky sessions" which sends requests from the same client to the same server regardless of load which is necessary for web sessions that have things in session memory.

This is also how you patch webservers and update websites without bringing everything down. Tell the load balancer to send all requests to server A, patch & reboot server B, tell the load balancer to send all requests to server B, patch and reboot server A, tell the load balancer to send to both servers.

Log wise our webservers document all requests as if they're coming from a private IP address but they're actually coming from the load balancer. The client IP address is in the load balancer and through some voodoo magic it knows how to send a response from a specific webserver back to the client that requested it. There's some additional voodoo magic applied by our cto that tracks the real client IP address in a custom field in our logging but I don't know anything about that.

That's interesting, thank you for some inside details! I have not worked with a load balancer yet but it is in my future, I appreciate the insight.

---

_Daydream posted...

That's interesting, thank you for some inside details! I have not worked with a load balancer yet but it is in my future, I appreciate the insight.

The load balancer is by far the most complicated part of our network infrastructure. The one guy who was managing it tried to quit years ago and management made a bunch of concessions and exceptions to get him to stay that most employees don't get lol.


---