dajer
2021-06-02T20:53:20+00:00
昨天一黑客团体入侵了ea的服务器并盗取了包括FIFA 21和寒霜引擎原代码,开发工具在内的780GB数据。VICE报道了这起入侵时间的细节:
黑客先是在网上花了10刀购买了能登录ea的slack (类似与microsoft teams一样的内部交流平台)的cookies (浏览器缓存)。然后找到IT频道,谎称自己是内部员工,以 ”在party上丢了手机“为由,获取了登录ea内网的验证码
真的是魔幻现实啊hhh,这种方便员工内部交流的平台安全隐患也挺多的
原文:
The group stole the source code for FIFA 21 and related matchmaking tools, as well as the source code for the Frostbite engine that powers games like Battlefield and other internal game development tools. In all, the hackers claim they have 780GB of data, and are advertising it for sale on various underground forums. EA previously confirmed the data impacted in the breach to Motherboard.
A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA. Cookies can save the login details of particular users, and potentially let hackers log into services as that person. In this case, the hackers were able to get into EA's Slack using the stolen cookie. (Although not necessarily connected, in February 2020 Motherboard reported that a group of researchers discovered an ex-engineer had left a list of the names of EA Slack channels in a public facing code repository).
"Once inside the chat, we messaged a IT Support members we explain to them we lost our phone at a party last night," the representative said.
来源:[url]https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack[/url]
黑客先是在网上花了10刀购买了能登录ea的slack (类似与microsoft teams一样的内部交流平台)的cookies (浏览器缓存)。然后找到IT频道,谎称自己是内部员工,以 ”在party上丢了手机“为由,获取了登录ea内网的验证码
真的是魔幻现实啊hhh,这种方便员工内部交流的平台安全隐患也挺多的
原文:
The group stole the source code for FIFA 21 and related matchmaking tools, as well as the source code for the Frostbite engine that powers games like Battlefield and other internal game development tools. In all, the hackers claim they have 780GB of data, and are advertising it for sale on various underground forums. EA previously confirmed the data impacted in the breach to Motherboard.
A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA. Cookies can save the login details of particular users, and potentially let hackers log into services as that person. In this case, the hackers were able to get into EA's Slack using the stolen cookie. (Although not necessarily connected, in February 2020 Motherboard reported that a group of researchers discovered an ex-engineer had left a list of the names of EA Slack channels in a public facing code repository).
"Once inside the chat, we messaged a IT Support members we explain to them we lost our phone at a party last night," the representative said.
来源:[url]https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack[/url]