After reports broke yesterday that a whopping 780 GB of data had been swiped from gaming giant Electronic Arts (EA), we have already found out how the heist unfolded, at least according to the hackers.
A “representative for hackers” told Motherboard on Friday that the scheme was actually quite simple: they allegedly started by buying stolen cookies online for $10 each, then used them to access one of EA’s corporate Slack channels. Apparently EA’s Slack isn’t the safest: researchers have previously found that a former company engineer left the names of EA’s corporate Slack channels in a public code repository.
According to Motherboard, the next step was to message EA’s IT support team, claiming that the hackers had “lost [their] phone at a party last night,” before asking the employee for a multi-factor authentication token. Once they got their hands on this token, the hacker rep said, they were able to access EA’s corporate network directly, which led them to the hub where some of EA’s developers compile their games. Very soon, the fraudsters were downloading material for the PlayStation VR, internal documents on AI in games, and documents on how EA “creates digital crowds in FIFA games”.
Meanwhile, EA representatives previously confirmed to Gizmodo that the hack started and ended with this trove of data. “No player data has been viewed and we have no reason to believe that there is a risk to player privacy,” the spokesperson said, noting that the company had “already made improvements to security” in response to the hack. Hopefully one of these buffs makes their Slack channels a little less hackable.