Hack of the video game company Electronic Arts by LAPSUS$, exposing 780GB of data including source code for the company's Frostbite engine.
Explanation of the Hack
The hackers bought a cookie that let them log into an EA Slack account on Genesis Market, a marketplace for credentials stolen from computers infected with malware. The hackers then tricked an IT employee into granting them access to the company's internal network.
- Vice: How Hackers Used Slack to Break into EA Games
- Vice: Inside the Market for Cookies That Lets Hackers Pretend to Be You
The hackers first tried to sell the access and source code on Raidforums. The Raidforums members put the hackers in touch with a Vice journalist, who interviewed them and broke news of the hack to EA. The hackers then tried to get that journalist to pass along an extortion message to EA. Unfortunately, the journalist refused. The hackers proceeded to blackmail the company for $100m not to release the data, and Vice was then able to confirm that EA had indeed received their message. EA does not seem to have paid, as the hackers have subsequently released all of the data for free.
Hello EA we are the Hackers who breached your src and other data

First of all we apologize to harm your company and reputation well what is the motive behind any hack Money right ? so we are here to discuss related to this thing

we checked your statement on media where you mentioned "No player data was accessed, and we have no reason to believe there is any risk to player privacy," Is this really true? We, in fact, got to some of your production database we have database (around 2TB of pure data)

As you already know we have src , tools + unrevealed 2tb pure data with respect you also know if we leak this it can be big trouble for your company that's why i have a idea best offer to you we never sell your data to anyone only my team have this data if we want to kept his all private we can

the deal is Pay us 100 mil$ in xmr (monero) we will never disclose your any type of data in public even we take full responsibility it will never leak and it will deleted from our system too

You have 7 days for paying us first 33.34 mil$ to the first address After 8 th day we will contact news to tell them we have user data. After the 9th day we will start to post some part of your source code every day on the deepweb til the first payment is completed.

we gave you the best offer if you pay in delay, everything will be deleted and your company can run, We have no interest in leaking if you pay. I know this sound like a ransomware, but just for one time, trust us. We just want money we know your are afraid of scammers we sending you here our proof of data for your trust

So, how's that we gonna proceed, You will maintenance your fifa 21 servers the 5th of july at any time, Before the maintenance, you will post a message on your twitter account (@EA) After the first payment completed, you will have 2weeks to send the other 66.66mil USD

Data :
USER_EVENT_SESSION_ENGA... Rows : 348.0G Size : 30.3TB
USER_EVENT_ECONOMY Rows : 108.5G Size : 11.4TB
USER_EVENT_MESSAGING Rows : 190.9G Size : 11.2TB

I really hope you understand that we are not kidding and we are friendly. Thoses addresses are one time payment, mean you can't send two time to an address. so here is out payment address XMR :

again we are sorry but you know during this pandemic we all need money , just all people ways are different i hope you will send the first payment in less than 7 days so we can continue

Instruction : Well for our own reasons we don't use any direct contact with you we will use indirect contact method So, I will give you some written content which you will post from your Twitter account so that we can understand. if you are ready and make payment with the address post on your twitter account : "maintenance from 5 July 10 to 11 UTC If you posted this we will understand you are ready to make the payment and we will proceed

In Case you want to deny our golden offer post : or if you need some more time post "just report this to any reporter and made news again we so we understand you deny our offer and we will start to posting our code and start selling other sensitive data"

in one line : if you agree do a maintenance 5th of july from 10 to 11 UTC AND POST ON TWITTER

We need 33.34 mil in this week after this We will recontact you in some times When the first payment will be completed we will delete 50% of what we have On the third payment we will delete the database from our servers You will have 2 weeks to pay the others payment

33.34 mil in this week after this We will recontact you in some times When the first payment will be completed we will delete 50% of what we have On the third payment we will delete the database from our servers You will have 2 weeks to pay the others payment

hope you will understand and pay us as fast as you can

Last thing If possible, do not tell this to the reporter and LE shits because we also do not want your reputation and worth to be down.