.png "back to home page")
Login to comment
New: here is how hackers broke into EA games and stole a ton of code/internal tools
— Joseph Cox (@josephfcox) June 11, 2021
- bought cookie online for $10
- logged into EA Slack
- trick IT support to give login token for EA network
"We explain to them we lost our phone at a party last night"https://t.co/BR9poVFT6z
NEW: Hackers claim to have stolen and are actively trying to sell 780 gigabytes of data from Electronic Arts, including source code for FIFA 21.
— Lorenzo Franceschi-Bicchierai (@lorenzofb) June 10, 2021
EA confirmed data breach but said "a limited amount of game source code and related tools were stolen." https://t.co/lA4paWWIHs
If I was EA I'd just dare the hackers to try and make something with Frostbite tbh
— Rami Ismail (رامي) (@tha_rami) June 10, 2021
https://t.co/dCCxkocXfd
Hackers ignored the NHL series, just like EA has done for the past decade https://t.co/dqMLvzwhAk
— Josh Hyman (@joshhymanNHL) June 11, 2021
I'm sure some people will claim this is about covid and wfh but this is really just an example of how immature technology like Slack gets integrated into workflows without people considering all the vulnerabilities in their security model https://t.co/CgnndCgb2R
— Katelyn Gadd (@antumbral) June 11, 2021
Started with hackers buying cookies online. These can save the login details for a user to a particular service; if you have that, you can potentially log in as them. The hackers did this to get into EA's Slack https://t.co/BR9poVFT6z pic.twitter.com/izDDOh4eQR
— Joseph Cox (@josephfcox) June 11, 2021
The group of hackers that stole a wealth of data from game publishing giant Electronic Arts broke into the company in part by tricking an employee over Slack to provide a login token, Motherboard has learned. https://t.co/IbTtQB6pa3
— Hamza Shaban (@hshaban) June 11, 2021
Multifactor authentication: We got this.
— Katie Moussouris (she/her) is fully vaccinated (@k8em0) June 11, 2021
Slack: ???☠️ https://t.co/B7O8II6CKT
Once inside the Slack, the hackers then pretended they were a worker who had lost their phone, so they needed their multifactor authentication code. EA IT support gave it https://t.co/BR9poVFT6z pic.twitter.com/PiRMGGbepl
— Joseph Cox (@josephfcox) June 11, 2021
Data-thieving hackers strike again, stealing EA source code and police data https://t.co/PLOXyNNMfL
— Umair Akbar (@akbarth3great) June 10, 2021
This is absolutely fascinating. New attack vectors coming from all over... https://t.co/2XRhfDPl7a
— Mike Masnick (@mmasnick) June 11, 2021
Pretty ingenious - both purchasing the cookies and doing social engineering from inside Slack. When social engineering is coming from someone inside the company's Slack channel, it's assumed they're legitimate employee, and any caution IT might normally have gets dropped. https://t.co/0BeCqcL3WE
— Kim Zetter (@KimZetter) June 11, 2021
Then once inside the main EA network, the hackers found another development service. They created a virtual machine, accessed another service, and downloaded the source code https://t.co/BR9poVFT6z pic.twitter.com/SphVLUbYBR
— Joseph Cox (@josephfcox) June 11, 2021
The hackers who stole source code and documents from Electronic Arts broke in through the company's Slack.
— Lorenzo Franceschi-Bicchierai (@lorenzofb) June 11, 2021
"Once inside the chat, we messaged a IT Support members we explain to them we lost our phone at a party last night." https://t.co/JkPivyX6oP pic.twitter.com/D6wEShFacR
Scoop: games giant EA hacked. Hackers say they have 780GB of data, including source code for FIFA 21 and the Frostbite engine, used in games like Battlefield. EA confirmed breach and the items impacted. Hackers are trying to sell data on underground forums https://t.co/wjERHqOcrc
— Joseph Cox (@josephfcox) June 10, 2021
Hackers bought login cookies belonging to an EA employee for $10 from the dark web. Used them to login to Slack then told IT the employee lost their phone so to provide them 2FA tokens directly. Then stole code.
— Dare Obasanjo (@Carnage4Life) June 11, 2021
Real life hacking’s nothing like the movieshttps://t.co/oC6AwXDvF1
Slack is often thought of as a fully trusted internal channel — orgs wrongly believe social engineering can’t happen there. When hacking I commonly target IT Support 1st, requests to IT Support like the EA intrusion “lost phone, still need network access, please help” work often. https://t.co/AJw5vkVaII
— Rachel Tobac (@RachelTobac) June 11, 2021
Video call verify if your IT department received password/2-factor reset requests via Slack or other chat platforms.
— Chris Vickery (@VickerySec) June 11, 2021
If your IT admins aren't familiar with your users enough to recognize them in a video call... well, maybe work on that. https://t.co/3ULwK4GmWt
Login to comment