The cost of the EA data breach: $10 and a bit of social engineering

The hackers responsible for the recent data breach involving Electronic Arts have divulged how they did the deed. A representative for the hacking group told Motherboard they got the ball rolling by purchasing stolen cookies online for just $10. Ouch.

From there, the hackers were able to use the cookies to gain access to a Slack channel used by EA employees.

Once on Slack, one of the hackers messaged an EA IT support member and explained that they had lost their phone at a party the night before. They were successful in getting a multifactor authentication token that gave them access to EA’s corporate network.

With access to EA’s network, the hackers located a service for developers compiling games that they were able to log into. Creating a virtual machine reportedly gave them even more visibility on the network, allowing them to access another service and download game source code.

Motherboard said the rep provided screenshots to back up their story, including images of the Slack chats. When Motherboard reached out to EA, a rep “confirmed to Motherboard the contours of the description of the breach given by the hackers.”

Motherboard said yesterday that the hackers made away with roughly 780GB of data including the source code for FIFA 21 and code related to the Frostbite engine.