A couple of weeks ago, EA confirmed that it had suffered a data breach, during which confidential source code for games and the Frostbite Engine was stolen. As it turns out, EA was warned of vulnerabilities in its systems months ago, but the publisher failed to tighten up its security.
As reported by ZDNet, cybersecurity firm Cyberpion approached EA back in December 2020, warning that multiple domains were subject to takeovers due to misconfigured DNS records. By using these taken-over domains, attackers could send spoofed emails under the guise of an official EA account, which in turn opened up social engineering avenues to get further access to EA’s systems.
The company sent EA a proof of concept of how an attack could be carried out, as well as other details. Unfortunately, EA was not quick enough to address the issue, and as a result, files were stolen and are reportedly being auctioned on the deep web.
In total, around 780GB worth of EA files were stolen. According to Cyberpion, a number of Fortune 500 companies are also suffering from similar issues with misconfigured sites that are prone to attacks. So far, EA has reportedly addressed seven of the critical issues raised over the last few days.
KitGuru Says: Unfortunately, stories like this are all too common. Cybersecurity firms routinely reveal issues to companies confidentially, only for those companies to not act fast enough, resulting in massive amounts of data theft.