In a further development to the EA hack, the attackers who accessed the gaming giant's systems and stole their source code, including for popular games like FIFA 21, have now leaked all of the stolen data.
The attack first came to light in June. When EA refused to pay the ransom for the return of the stolen data, the hackers began to drip-feed the code onto the dark web, and offering the full cache for sale for $28m. When this attempt to pressure EA into paying failed, the criminals simply dumped the entirety of the 780GB data on a cybercrime forum.
This is an interesting development for EA. Where it is not personal data, stolen data is of most value to the hacked company (hence the attackers' efforts to find more ways of trying to extort EA). In the present case, EA's decision to hold firm and not pay seems to have convinced the attackers that they are not, in fact, holding anything of value. As such, they've simply dropped the stolen goods. The source code is apparently circulating on torrent sites, however, and it remains to be seen if any of the data can exploited in the future.
Of further interest is the way that the attackers managed to obtain the data in the first place. They say that they purchased authentication cookies for an internal EA Slack channel. Once within the Slack channel, posing as a logged-in employee, they tricked EA's IT team into granting them further access to the company's systems. From there, they stole the 780GB of data. It is normally difficult for a company to determine how a breach originated - the novelty in this situation is the extent to which the attackers have been willing to disclose their methods of entry. In the present case, that is likely simply to be a further gambit in the extortion playbook: the publicity was likely designed to put EA under more pressure to pay for the return of their data. In this case, it hasn't worked.
Hackers leak full EA data after failed extortion attempt