해커들은 Slack을 통해 EA의 회사 네트워크에 접속했습니다.

newsroom 6/12 '21 posted 뉴스 IT

• 해커 담당자는 마더보드에게 온라인에서 10달러에 판매되고 있던 도난 쿠키를 구입하여 해킹 과정을 시작했으며, 이를 이용해 EA의 슬랙 채널에 접속했다고 말했습니다.

• 해커들은 또한 PlayStation VR에 관한 다양한 자료, EA가 FIFA의 디지털 군중들을 만드는 방법, 그리고 게임 내 AI 관련 문서들을 포함한 일련의 문서들을 입수했습니다.

• 이로부터 해커들은 쿠키를 이용하여 EA 직원들이 사용하는 슬랙 채널에 접근할 수 있었습니다.

• Slack에서 해커 중 한 명이 EA IT 지원 담당자에게 메시지를 보내 전날 밤 파티에서 전화기를 잃어버렸다고 설명했습니다.

• EA의 회사 네트워크에 액세스할 수 있는 멀티팩터 인증 토큰을 얻는 데 성공했습니다(이 토큰은 두 번 작동한 것으로 보입니다).

• EA의 네트워크에 접속한 해커들은 그들이 로그인할 수 있는 게임을 컴파일하는 개발자들을 위한 서비스를 찾았습니다.

• 가상 머신을 생성함으로써 네트워크에서 훨씬 더 많은 가시성을 확보하여 다른 서비스에 액세스하고 게임 소스 코드를 다운로드할 수 있게 된 것으로 알려졌습니다.

• 마더보드는 어제 해커들이 FIFA 21의 소스 코드와 동상(Frostbite) 엔진 관련 코드를 포함하여 약 780GB의 데이터를 빼냈다고 말했습니다.

• 도난당한 데이터 중에는 인기 있는 축구 게임인 FIFA 21의 소스 코드와 매치메이킹 서버의 코드, 그리고 전장을 포함한 여러 EA 게임을 구동하는 동상 엔진의 소스 코드와 도구가 포함되어 있었습니다.

Hackers gained access to EA's corporate network via Slack [dotesports.com]

EA Hackers Used Slack to Breach Security [gamerant.com]

The cost of the EA data breach: $10 and a bit of social engineering [www.techspot.com]

Gaming Giant EA Suffers Major Data Breach [www.infosecurity-magazine.com]

The EA hack was worryingly simple [www.slashgear.com]

It took hackers $10 worth of stolen cookies and some lies to breach EA's systems [www.neowin.net]

newest replies popular replies

Open Wiki - Feel free to edit it. -

6/12 '21 answered

New: here is how hackers broke into EA games and stole a ton of code/internal tools
- bought cookie online for $10
- logged into EA Slack
- trick IT support to give login token for EA network

"We explain to them we lost our phone at a party last night"https://t.co/BR9poVFT6z
— Joseph Cox (@josephfcox) June 11, 2021

NEW: Hackers claim to have stolen and are actively trying to sell 780 gigabytes of data from Electronic Arts, including source code for FIFA 21.

EA confirmed data breach but said "a limited amount of game source code and related tools were stolen." https://t.co/lA4paWWIHs
— Lorenzo Franceschi-Bicchierai (@lorenzofb) June 10, 2021

If I was EA I'd just dare the hackers to try and make something with Frostbite tbh
https://t.co/dCCxkocXfd
— Rami Ismail (رامي) (@tha_rami) June 10, 2021

Hackers ignored the NHL series, just like EA has done for the past decade https://t.co/dqMLvzwhAk
— Josh Hyman (@joshhymanNHL) June 11, 2021

I'm sure some people will claim this is about covid and wfh but this is really just an example of how immature technology like Slack gets integrated into workflows without people considering all the vulnerabilities in their security model https://t.co/CgnndCgb2R
— Katelyn Gadd (@antumbral) June 11, 2021

Started with hackers buying cookies online. These can save the login details for a user to a particular service; if you have that, you can potentially log in as them. The hackers did this to get into EA's Slack https://t.co/BR9poVFT6z pic.twitter.com/izDDOh4eQR
— Joseph Cox (@josephfcox) June 11, 2021

The group of hackers that stole a wealth of data from game publishing giant Electronic Arts broke into the company in part by tricking an employee over Slack to provide a login token, Motherboard has learned. https://t.co/IbTtQB6pa3
— Hamza Shaban (@hshaban) June 11, 2021

Multifactor authentication: We got this.
Slack: ???‍☠️ https://t.co/B7O8II6CKT
— Katie Moussouris (she/her) is fully vaccinated (@k8em0) June 11, 2021

Once inside the Slack, the hackers then pretended they were a worker who had lost their phone, so they needed their multifactor authentication code. EA IT support gave it https://t.co/BR9poVFT6z pic.twitter.com/PiRMGGbepl
— Joseph Cox (@josephfcox) June 11, 2021

Data-thieving hackers strike again, stealing EA source code and police data https://t.co/PLOXyNNMfL
— Umair Akbar (@akbarth3great) June 10, 2021

This is absolutely fascinating. New attack vectors coming from all over... https://t.co/2XRhfDPl7a
— Mike Masnick (@mmasnick) June 11, 2021

Pretty ingenious - both purchasing the cookies and doing social engineering from inside Slack. When social engineering is coming from someone inside the company's Slack channel, it's assumed they're legitimate employee, and any caution IT might normally have gets dropped. https://t.co/0BeCqcL3WE
— Kim Zetter (@KimZetter) June 11, 2021

Then once inside the main EA network, the hackers found another development service. They created a virtual machine, accessed another service, and downloaded the source code https://t.co/BR9poVFT6z pic.twitter.com/SphVLUbYBR
— Joseph Cox (@josephfcox) June 11, 2021

The hackers who stole source code and documents from Electronic Arts broke in through the company's Slack.

"Once inside the chat, we messaged a IT Support members we explain to them we lost our phone at a party last night." https://t.co/JkPivyX6oP pic.twitter.com/D6wEShFacR
— Lorenzo Franceschi-Bicchierai (@lorenzofb) June 11, 2021

Scoop: games giant EA hacked. Hackers say they have 780GB of data, including source code for FIFA 21 and the Frostbite engine, used in games like Battlefield. EA confirmed breach and the items impacted. Hackers are trying to sell data on underground forums https://t.co/wjERHqOcrc
— Joseph Cox (@josephfcox) June 10, 2021

Hackers bought login cookies belonging to an EA employee for $10 from the dark web. Used them to login to Slack then told IT the employee lost their phone so to provide them 2FA tokens directly. Then stole code.

Real life hacking’s nothing like the movieshttps://t.co/oC6AwXDvF1
— Dare Obasanjo (@Carnage4Life) June 11, 2021

Slack is often thought of as a fully trusted internal channel — orgs wrongly believe social engineering can’t happen there. When hacking I commonly target IT Support 1st, requests to IT Support like the EA intrusion “lost phone, still need network access, please help” work often. https://t.co/AJw5vkVaII
— Rachel Tobac (@RachelTobac) June 11, 2021

Video call verify if your IT department received password/2-factor reset requests via Slack or other chat platforms.
If your IT admins aren't familiar with your users enough to recognize them in a video call... well, maybe work on that. https://t.co/3ULwK4GmWt
— Chris Vickery (@VickerySec) June 11, 2021

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured