Organizations have been a driving force behind cybersecurity awareness and training. It’s more important than ever to be up to date with cybersecurity knowledge so that attacks don’t happen on your watch.
In these special edition Cybersecurity Awareness Month articles, you’ll read about damaging attacks that happened in 2021 — and how employee actions changed the outcome.
Go slow and be suspicious!
This week, read about how the employees of Electronic Arts (EA) made a small but devastating mistake that caused harm to the company and allowed hackers to access their system.
Electronic Arts (EA) hack — Social engineering
The EA incident started when a hacker purchased a stolen cookie—and not the delicious kind. Digital cookies are small text files used to identify your computer while you use a network. This allowed them access to EA’s Slack, a communication platform for organizations.
Once inside the organization’s communication channel, the hackers used social engineering—pretending to be an employee who had lost their phone—to manipulate IT personnel into surrendering company information. EA’s IT department did not work slowly or recognize the hacker’s plea for help as suspicious behavior. Instead, they gave information to the hackers, allowing these bad actors entry into EA’s system. Over 700 GB of data were stolen
- EA stated that no player information was taken and there was no risk to player privacy.
- The hackers advertised game data for sale on underground forums. They stated that they would continue to leak information until they received a ransom.
- What is social engineering? Social engineering is when a hacker impersonates someone to gain access into an organization’s system or even their physical space.