Today, Electronic Arts confirmed that hackers stole a massive amount of data from the video game publisher. A dark web forum poster claimed to have obtained 780 gigabytes of data in the attack, including the source code for FIFA 21 and EA’s Frostbite game engine, used by FIFA, Madden, Battlefield, Star Wars: Squadrons and Anthem.
“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” an EA representative said in a statement. The representative added that “no player data was accessed, and we have no reason to believe there is any risk to player privacy.” VICE first reported the attack. EA has confirmed with WIRED that it did not involve ransomware.
The EA hack is the latest in a string of high-profile video game source code leaks. Last year, Valve, Capcom, Nintendo, and Ubisoft reportedly suffered similar data breaches. And earlier this year, a ransomware attack hit Cyberpunk 2077 creator CD Projekt Red. (The developer said Thursday that it has reason to believe the data has made its way onto the internet.) Source code is an attractive target for hackers because it describes exactly how the sausage is made—why pushing this button disables that trap, or exactly where on an opponent’s head your bullet must land for optimal damage. When it lands in the wrong hands, source code has the potential to threaten the integrity of online video games, their servers, and even players’ security.
“Hackers are definitely targeting more high-profile games and companies in recent years than they had before that,” says OverkillLabs, who used to run the gaming-piracy-focused CrackWatch subreddit, “either for reputation or to prove to the big companies that their security has flaws in it, or simply to gain money from them.”
While ransomware has been the dominant theme of recent high-profile hacks, video game source code is a big-money commodity in and of itself, especially for cheat-makers. Popular cheats are often designed by injecting bits of the original game source code into another piece of software. Part of why video game companies sue cheat-makers is because they’re utilizing aspects of the game code in their illegal products. (Those suits often cite copyright infringement, or more specifically, using copyrighted code without official permission.)
“When they have access to the source code, they could easily see what makes the game function and how they could adapt their cheats to the game,” says OverkillLabs. “If the game had anti-cheat, for example, they could easily see a way around using this.”
A game leak scene member we’ll call Ridley says that shooter games like EA’s Battlefield are popular targets for cheat-makers, and therefore source code hackers. In these games, he says, “Hacks are way more meaningful,” enabling superpowers like auto-aim and the ability to see through walls.
Another use for this source code is modding. Designing tools and fan-made content is easier when fans don’t have to reverse-engineer games’ code.
Not all leaked source code is used for evil. Amateur video game historians and preservationists covet these schemas for games’ inner workings. Game companies’ increased control over their products—whether it’s digital-only downloads or forced internet connectivity—sketches out gamers who view games as cultural products. And a lot of game companies don’t have great track records keeping their own games alive. “How many times have we seen a game get taken permanently offline because the developer or publisher went under, or simply deemed it unprofitable?” says Jaycie, a gamer who collects source code.