Slack: New information regarding the cyberattack on Electronic Arts (EA), confirmed this Thursday (10), has become public. According to Vice, one of the security holes that made the action possible was human error, as criminals would have deceived a company employee by Slack. The victim, in turn, would have been induced to open the doors for the “assault”.
In an interview with the vehicle, one of those responsible for the invasion detailed the process. First, there was the acquisition of stolen cookies and sold online for US$ 10, which gave access to the communication platform used by the company. The “tools” contained real user details such as logins and passwords.
“Once in the chat, we sent a message to a member of IT support and explained to him that we lost our phone at a party the night before,” says the source. After that, they requested multifactor authentication to access the corporate network. They got the “key” twice.
Already introduced into the internal network, the attackers found a service dedicated to developers and used to compile games. They connected to it and then successfully created a virtual machine, expanding the terrain they could explore. Finally, running another solution, they downloaded the source code for the product.
To prove what they claimed, they presented screenshots of the step by step, revealing, including the conversations in Slack.
In addition to the details described above, the publication highlights, other documents provided bring data related to the PlayStation VR, how Electronic Arts creates digital crowds in FIFA games and the artificial intelligence applied by the company.
While Sony has not responded to requests for comment, EA points out that there is no evidence of risk to player privacy.
“After the incident, we have already made improvements to security protocols and do not expect any impact to our products or business. We are actively working with authorities and other experts in this ongoing criminal investigation,” he points out.