Hackers gained access to EA's network through social engineering and stole 780GB of data including source code and game engines.
Social Engineering Attack at EA Games Leads to a Multimillion Dollar Data Breach
$10 Slack cookie used to initiate the attack which ultimately compromises 780 GB of data.
What is the attack?
Initial access came from stolen cookies, purchased for $10 on the dark web, that gave the attackers access to EA's Slack. The attackers socially engineered the IT Helpdesk by posing as an employee with a lost phone.
Why did it get through?
Stolen cookies used directly against a SaaS platform thwart the OAuth and MFA solution and bypass perimeter defenses.
The string of suspicious events wasn't visible: a password reset, lateral movement from Slack to more sensitive ecosystems like AWS, and then the download of a large dataset.
What is required to solve for this attack?
Continuous behavioral analysis across cloud and SaaS ecosystems to detect anomalies in user and application access and behavior.
Utilize AI-driven behavioral detection to flag anomalies, especially for OAuth application changes or token use.
Correlate suspicious events across Cloud + SaaS ecosystems.
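The cross-ecosystem correlation described above can be sketched as a simple ordered-chain detector. This is an added example, not code from the original page or any vendor product. The event schema, stage names, 10 GiB threshold and 72-hour window are assumptions, and the log events are constructed.

```python
from datetime import datetime, timedelta

# Assumed stage names, threshold and window; tune to your own telemetry.
STAGES = ["session_new_ip", "password_reset", "cloud_access", "bulk_download"]
BULK_BYTES = 10 * 1024**3          # one download of 10 GiB or more
WINDOW = timedelta(hours=72)

def classify(ev, known_ips):
    """Map one normalized event to a chain stage, or None if it is not of interest."""
    src, act = ev["source"], ev["action"]
    if src == "slack" and act == "session_use":
        # Valid session presented from an IP never seen for this user.
        return None if ev["ip"] in known_ips.get(ev["user"], set()) else "session_new_ip"
    if src == "helpdesk" and act == "password_reset":
        return "password_reset"
    if src == "aws" and act == "login":
        return "cloud_access"
    if src == "aws" and act == "download" and ev.get("bytes", 0) >= BULK_BYTES:
        return "bulk_download"
    return None

def correlate(events, known_ips, window=WINDOW):
    """Return {user: [stage timestamps]} for users who hit every stage in order."""
    progress, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = classify(ev, known_ips)
        chain = progress.setdefault(ev["user"], [])
        if chain and ev["ts"] - chain[0] > window:
            chain.clear()              # stale partial chain: start over
        if stage == STAGES[len(chain)]:
            chain.append(ev["ts"])
        if len(chain) == len(STAGES):
            alerts[ev["user"]] = list(chain)
            chain.clear()
    return alerts

def mk(ts, source, action, user, **extra):
    return {"ts": datetime.fromisoformat(ts), "source": source, "action": action, "user": user, **extra}

# Constructed sample events, not real logs. IPs are documentation ranges.
KNOWN_IPS = {"alice": {"198.51.100.7"}, "bob": {"198.51.100.9"}}
EVENTS = [
    mk("2024-01-10T09:00", "slack", "session_use", "alice", ip="203.0.113.50"),
    mk("2024-01-10T09:05", "slack", "session_use", "bob", ip="198.51.100.9"),
    mk("2024-01-10T09:40", "helpdesk", "password_reset", "alice"),
    mk("2024-01-10T10:15", "aws", "login", "alice"),
    mk("2024-01-10T11:00", "aws", "download", "bob", bytes=50 * 1024**3),
    mk("2024-01-10T13:30", "aws", "download", "alice", bytes=40 * 1024**3),
]
```

On the sample data, correlate(EVENTS, KNOWN_IPS) flags only alice. Bob's large download is not flagged because no earlier stage precedes it.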