EA hackers steal source code for FIFA, Battlefield game series
Stolen data has now been posted for sale on the dark web


Hackers have downloaded approximately 780GB of data from video games publisher Electronic Arts (EA) and are in the process of selling portions of the cache to buyers on the dark web.
The publisher, which manages popular series such as FIFA, Battlefield, and The Sims, said in a statement that a limited amount of game source code and internal tools were stolen, according to Motherboard.
The cyber criminals responsible are now actively selling portions of the stolen data through the dark web, according to screenshots seen by the publication, and are seeking serious buyers.
EA has said that the incident did not involve ransomware, but the company is yet to detail how the hack unfolded.
Other stolen data includes source code and tools for the Frostbite gaming development engine, proprietary EA frameworks, and software development kits (SDKs), with the compromised cache totalling roughly 780GB.
A cached web page dated 6 June suggests buyers can attain "full capability of exploiting on all ea services" for the cost of "28m". The post also claims to have taken charge of the FIFA 21 matchmaking server and FIFA 22 API keys. The cyber criminals also provided samples of the stolen information.
"We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen," an EA spokesperson told Motherboard and other publications in a statement.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we've already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation."
IT Pro has asked EA to clarify the nature of the attack, and confirm whether or not it was a ransomware incident.
EA is the latest gaming company to be hit in a cyber attack after the Polish developer CD Projekt was compromised in February this year.
Hackers stole company data as well as encrypted a number of developer devices in a ransomware attack, before subsequently auctioning off stolen assets in a self-described "charity fundraising" exercise.
Although hackers are selling off portions of the data they seized, cyber security specialist with ESET, Jake Moore, suggested the attack likely wasn't financially motivated.
RELATED RESOURCE
IT Pro 20/20: What the EU's new AI rules mean for business
The 17th issue of IT Pro 20/20 considers the effect of new regulations on the IT industry
"Attacks on games publishers are usually for other reasons such as cheat making or underground community kudos," he said. "Gaming source code makes a popular target for cheat makers and their communities, so protection must be water tight.
"There will be an inevitable indirect financial hit as EA recovers from a frustrating strike, but luckily this is not related to ransomware like many other current targeted cyberattacks delivering a two-pronged attack."
Challenged on why the hackers are seeking buyers for the stolen data if it isn't financially motivated, Moore added: "Of course malicious actors can attempt to profit from any attack when it suits them".
"It is common for games publishers to have their data stolen purely for cheat makers," he continued, "but if this comes at a time when such data is seen to have a greater value than normal, the attackers have possibly noted this change in demand and decided to profit from it."

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.
-
How to implement a four-day week in tech
In-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businesses
In-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs