Source code of some popular Electronic Arts games has already been offered for sale of the darknet, following a breach of the games company’s systems last week.
The company has been quick to reassure players that their security has not been compromised.
Electronic Arts is one of the world’s biggest games publishers, and hackers claim to have taken 780Gb of data, including the Frostbite source code. This is the game engine that FIFA, Madden, and Battlefield, among others, are based on.
They have also claimed to have stolen software development tools for FIFA 21 and server code for player matchmaking in FIFA 22.
“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” Electronic Arts said in a statement.
“No player data was accessed, and we have no reason to believe there is any risk to player privacy,” it adds.
“Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business.
“We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”
Boris Larin, senior security researcher at Kaspersky, comments: “The danger of this attack lies primarily in the fact that the source code of FIFA 21 and other games has been stolen. We have already seen advertisements for its sale on darknet forums, alongside other tools extracted by the attackers.
“FIFA 21 is of primary interest to the attackers as the game has its own virtual currency, which is in high demand. In 2015, the FBI arrested a group that had allegedly mined and sold $15-million to $18-million worth of this virtual currency by using vulnerabilities found in the game.”
Larin adds: “The source code allows you to easily study all the functionality of the game and game servers, study game logics, secret algorithms and anti-cheat technologies. It’s then possible to use this knowledge to search for vulnerabilities, create cheat codes and get rich through mining and selling the in-game currency, bypassing the rules set by the game developer.
“Studying the functionality of the client side of the game is possible with help of reverse engineering, but it is very difficult and laborious. Meanwhile, access to the source code allows you to simply read the game code like an open book.”