New information regarding the cyberattack on Electronic Arts (EA), confirmed this Thursday (10), has been made public. According to the Vice, one of the security breaches that made the action possible was human error, as criminals would have deceived a company employee by Slack. The victim, in turn, would have been induced to open the doors for the “assault”.

In an interview with the vehicle, one of those responsible for the invasion detailed the process. First, there was the acquisition of stolen cookies and sold online for US$ 10, which gave access to the communication platform used by the company. The “tools” contained real user details such as logins and passwords.

“Once inside the chat, we send a message to a member of IT support and explain to him that we lost our phone at a party the night before,” says the source. After that, they requested multifactor authentication to access the corporate network. They got the “key” twice.

Stolen cookies gave access to the developer's corporate Slack.
Stolen cookies gave access to the developer’s corporate Slack.Source: Reproduction/REUTERS/Mike Blake

Already introduced into the internal network, the attackers found a service dedicated to developers and used to compile games. They connected to it and then successfully created a virtual machine, expanding the terrain they could explore. Finally, running another solution, they downloaded the source code for the product.

To prove what they claimed, they presented screenshots of the step by step, revealing, including the conversations in Slack.

active investigation

In addition to the details described above, the publication highlights, other documents provided bring data related to the PlayStation VR, how Electronic Arts creates digital crowds in FIFA games and the artificial intelligence applied by the company.

While Sony has not responded to requests for comment, EA points out that there is no evidence of risk to player privacy.

“After the incident, we’ve already made improvements to security protocols and don’t expect any impact to our products or business. We are actively working with authorities and other experts in this ongoing criminal investigation,” he points out.