EA Admits 40,000 Users Were Hacked After Whistleblower Steps Forward

Electronic Arts has recently come under fire after a whistleblower went to Kotaku in order to express misappropriation by the publisher regarding a forum hack that compromised more than 40,000 users. Originally, the whistleblower made the information known on a Reddit post called “Of Corruption in the Australian Games Industry” following the strong call for transparency and disclosure from the #GamerGate movement.

The Reddit thread, posted on September 9th, 2014, pointed out a number of allegedly corrupt practices within the games media industry over in Australia.

Wishing to remain anonymous, the former games journalist wrote that...

“During my tenure at a large publisher, our community forum was hacked, and the information of over 40,000 members (including names, and email addresses) was downloaded and stolen. The publisher suppressed this information. When my contract had expired I approached a writer about this, and he declined to publish the story because he was close friends with people who work at this publisher and the publisher’s local office.”

The forum board in question was Firemonkeys; the developers for Real Racing 3.

This information was later taken to Kotaku Australia, who then looked into the claims and found that the dates match-up with a known a Vbulletin exploit that occurred on September 8th, 2013 by an individual calling himself “Shadow Haxor”. This information was corroborated by Zone-H, with Kotaku writing...

On Zone-H hackers will typically post proof of successful hacks in the form of mirrors. Shadow Haxor has claimed responsibility for over 750 hacks over the course of the last two years, one of which – he/she claims — was the Firemonkeys forums.

This also ties into a September 9th tweet from Firemonkeys who stated that the forum had been taken offline on September 9th.

Kotaku then contacted Electronic Arts about the breach to confirm if the hack did indeed occur. Electronic Arts had a press representative issue the following response...

“EA Firemonkeys became aware of a cyber attack on a stand-alone Firemonkeys forum in September 2013,“Firemonkeys took immediate action by shutting down the forums and taking the server in question offline to prevent potential misuse. An investigation determined that a small number of customer email addresses were potentially obtained, but revealed no evidence of other information being accessed including passwords, names, security questions, payment information or any other sensitive data that could permit access to an online account. To be clear, no EA systems or databases were affected outside of the singular Firemonkeys forum. Firemonkeys took swift and appropriate action under the circumstances to address the issue.”

Tangentially, the whistleblower also pointed out that certain relationships within the industry prevented people from being objective or taking responsibility due to being in a “clique”. The individual stated that there are many ties within games media to companies like Electronic Arts, who do not disclose these kind of relationships that could work against the better interests of readers and potential consumers.

One website was explicitly named in the Reddit post, AusGamers, as having a very close-tie to EA that did not disclose the relationship to the public, stating that it works against the interests of the website. One of the members of the website came forward to make it known that they are not partaking in any kind of collusion with EA and that they are not involved in any kind of corrupt behavior, even though they are married to a representative of EA.

I reached out to AusGamers and received the following response [due to the volatile nature of the current climate, the names will not be disclosed for now], to which the writer stated...

“The relationship policy we applied to ourselves when my wife took on the role was simple: work remains work, our personal lives never come into question because of it and therefore I don’t cover any EA-related content on the site. We have a freelance team who actively does this on behalf of AusGamers because we are a gaming site first and foremost and need to cover games. We’ve never conspired or colluded with EA for favourable coverage…”

The Reddit post names various other websites and alleges other forums of conduct that they feel should be disclosed to readers. Regarding the events surrounding #GamerGate and a call for more transparency and disclosure, sites like Destructoid and The Escapist, along with Kotaku and Polygon, have come forward to public address how disclosure and transparency works between writers and those they cover in the industry.

You can read the entire post relating to the Australian games media by visiting Reddit.

Will Usher

Staff Writer at CinemaBlend.