EA Data Breach

Not sure this particular lot were after customer data, if they were interested in source code

It's not customer data, it's the source code for the engines, which could lead to people more easily creating hacks for those engines in the future. Like people that cheat in online multiplayer matches.

Doesn't hurt to change your log in anyway, better safe than sorry.

As others said, this doesn't look like customer log in data, but anyways, better safe then sorry.

It's always a good idea to use 2 factor authentication.

Thank you for sharing @simgirl1010
I agree with what others have said about changing passwords just incase (in fact, I think regularly changing passwords is a good habit anyway!)

Could someone please help me, I'm not very technical-minded. I know what purpose someone would have for stealing customer data, but why would someone want source code? Would someone please explain to me, I'm curious.

"GirlFromIpanema;c-17908687" wrote:
Thank you for sharing @simgirl1010
I agree with what others have said about changing passwords just incase (in fact, I think regularly changing passwords is a good habit anyway!)

Could someone please help me, I'm not very technical-minded. I know what purpose someone would have for stealing customer data, but why would someone want source code? Would someone please explain to me, I'm curious.

When it comes to games, I'm not sure.

The people that stole the code will probably sell it on the black market, that's what happened to CDPR's stolen source code (for Witcher and Cyberpunk).

I think the things that EA and CDPR should worry about are potential vulnerabilities in the code which people could use to create programs that could be used for cheating or other things. I'm assuming that when you sell a game, it's pretty locked so people can't modify everything in it, maybe with encrypted files. Now EA and CDPR have to make sure that can't be exploited in their games.

This is why it's important that you have an antivirus software on your computer for example (at least for PC) because that program checks to make sure that your system files don't change or another file is causing a program to do something it shouldn't.

There have been some new information which explains how they managed to hack them as well. Turns out it was social engineering. They managed to make them believe that they were an employee who had lost their phone at a party and wanted a new one.

Unfortunately it's still common that this happens in companies because people don't believe that the person on the other end might not be who they claim to be...

Meh, I have gotten so many emails & letters saying my info may have been compromised during a data breach that I have gone from panicking to ??‍♀️ Whatever.

"Pamtastic72;c-17915438" wrote:
Meh, I have gotten so many emails & letters saying my info may have been compromised during a data breach that I have gone from panicking to ??‍♀️ Whatever.

You start to disbelieve them when they ask you for your personal details so that they can keep you safe! If they start doing that you should report them to a Fraud site in whatever country you are in.

There is a site to check on whether you might be compromised for emails and passwords. An old one I had was compromised a long time ago. I never leave my debit card saved anywhere now. An online shop lately did a check-up to see if I was who I said I was, so the well run sites are checking on this.

https://haveibeenpwned.com/

"Simburian;c-17915469" wrote:

"Pamtastic72;c-17915438" wrote:
Meh, I have gotten so many emails & letters saying my info may have been compromised during a data breach that I have gone from panicking to ??‍♀️ Whatever.

You start to disbelieve them when they ask you for your personal details so that they can keep you safe! If they start doing that you should report them to a Fraud site in whatever country you are in.

There is a site to check on whether you might be compromised for emails and passwords. An old one I had was compromised a long time ago. I never leave my debit card saved anywhere now. An online shop lately did a check-up to see if I was who I said I was, so the well run sites are checking on this.

https://haveibeenpwned.com/

I don’t save my debit card on sites anymore either and I try to keep my data safe, but the fact is once you give information to a company it’s incumbent upon them to keep it safe and too many don’t. AT&T sent me a letter saying my info had been breached, as has Blue Cross, my cable company, my local hospital, and the grocery store I frequent most because they had all been hacked at some point in time. I pretty much assume at this point that info about me is out their floating about now and there’s really nothing I can do about it.

"Pamtastic72;c-17915482" wrote:

"Simburian;c-17915469" wrote:

"Pamtastic72;c-17915438" wrote:
Meh, I have gotten so many emails & letters saying my info may have been compromised during a data breach that I have gone from panicking to ??‍♀️ Whatever.

You start to disbelieve them when they ask you for your personal details so that they can keep you safe! If they start doing that you should report them to a Fraud site in whatever country you are in.

There is a site to check on whether you might be compromised for emails and passwords. An old one I had was compromised a long time ago. I never leave my debit card saved anywhere now. An online shop lately did a check-up to see if I was who I said I was, so the well run sites are checking on this.

https://haveibeenpwned.com/

I don’t save my debit card on sites anymore either and I try to keep my data safe, but the fact is once you give information to a company it’s incumbent upon them to keep it safe and too many don’t. AT&T sent me a letter saying my info had been breached, as has Blue Cross, my cable company, my local hospital, and the grocery store I frequent most because they had all been hacked at some point in time. I pretty much assume at this point that info about me is out their floating about now and there’s really nothing I can do about it.

You are quite correct, even the most security conscious individual makes the same mistake if it's by 2FA, or VPN any other service or feature, you are using their terms of service and their software and thus you lost your privacy as they have your data. It doesn't matter how the data is handled, it won't take much to find a vulnerability in some other third party advertising site that has a copy of your data or weak security (like this breach with EA) and dump all that data on the dark web in forums where personal information on people are shared and sold.

The only sure fire way to avoid losing your data is by staying off the internet altogether and preferably never accessing it at any point in your life, but the problem with that is that security features on a lot of things these days are heavily reiant on the use of the internet and then data is collected. it's a no-win scenario trying to keep your privacy when the very features you use is collecting data on you and the very security you trust is a security risk in itself.

"ClarionOfJoy;c-17915576" wrote:
So if you watch the videos, one of the implications is that hackers could develop and sell mods and hacks for it before release. Battlefield 2042 is the first Battlefield game with no single-player campaign as all the previous ones had - it is completely multiplayer. Which means if mods/hacks are already released, people who want to play the multiplayer game fair and square will get massacred right from the start by the cheaters with the aim-bots and other hack enhancements. And this is just the effect on one game built with Frostbite. There will be other issues with all their other games built in that Frostbite game engine.

What I would like to see is what EA will do to counter those issues. I don't want them sweeping this under the rug, hoping it will all go away and not do anything about it.

EA will likely review their security, but it is unlikely to be a major change. the issue started with these hackers knowing where EA staff frequent, meaning EA needs to hide those details and make sure they are kept off any radar.

The second thing is that the apparent person joining in wasn't immediately challenged at the gates as it were, there is no internal security to filter out the wolf in sheeps clothing. so it's apparent security measures are needed and something only EA employees would know about and how to access. a face to face image can be intercepted, remember nothing is hack proof these days and deep fakes also exist. What those security changes are is something we won't find out about just to make sure EA are a lot more secure in their new security.

The way the hacker asked for and gotten details and data on account security from ea staffers is something that is almost certainly going to be looked at internally and how that is going to be handled in the future, since not only was that the last line of defence but it was too easy to get.

the fourth step with access to the source code, there most certainly should be some security put around that. it was like the hacker entered a museum and the only thing protecting the valuables is a typical glass case, something that can be easily cut into quietly and stolen. time to invest in heat sensors, motion detectors, security cameras and so forth.

"crocobaura;c-17915609" wrote:

"ClarionOfJoy;c-17910631" wrote:

"crocobaura;c-17908818" wrote:
Who pays 28 million USD just to be able to hack some games? Must be really important to win at FIFA or something.

Yeah, some of those FIFA gamers are really obsessive to win their games! I think whoever buys the source code could stand to make a lot of money from reading through the source code and creating hacks from it. The source code for example would show what the true percentages are for acquiring the more valuable loot boxes, so the modder can produce programs to improve the likelihood of getting those more valuable assets. Also check for vulnerabilities in the game that they can take advantage of somehow. Or even just to copy the coding technology for their own games. I can imagine some of the Frostbite engine would be interesting to other game developers.

I can see how it would be interesting to other game developers, but then wouldn't it be possible to tell if they used stolen EA source code in their product? As for hacks and loot boxes, well I imagine if someone pays 28 million USD just to hack and win some lootboxes, they must have 28 million to waste. There is no profit in that unless they somehow sell the hacks to players or something.

No immediate profits, but after running scams and manipulating users with digital items and so forth for a year or so, that $28 million could be easily bridged and surpassed, as the saying goes: fools and their money part easily. These types of people bank on that weakness every time and more often than not they get what they want because people do not look at what they are doing and what is right under their nose, that is until someone leads them by their nose to it when challenged by the said ignorant user (which is often annoying to watch or be part of when the user in question should know better).