EA allegedly ignored warnings from security researchers that could have prevented intruders from gaining access to its systems which resulted in a massive data breach.
Earlier this month, hackers were able to gain access to EA’s corporate network and steal about 780GB of source code, SDKs and other proprietary tools.
Israeli cybersecurity firm Cyberpion has revealed to ZDNet that it had reached out to EA last year and cautioned the company about ten times that several of its domains could be subject to takeovers.
According to Cyberpion co-founder Ori Engelberg who spoke with the news outlet, EA did not do anything to address the issues the firm had discovered even after it sent over a detailed report containing more information on the vulnerabilities along with a proof of concept.
A report published by Motherboard days after the data breach came to light revealed that the hackers responsible used stolen cookies and communication software Slack to compromise one of EA’s employees to provide a login for access into its corporate network.
Speaking with ZDNet, Engelberg recommended that organizations like EA should decommission unused subdomains in order to protect their networks from similar attacks.
Spokesperson from EA stated that the cybersecurity firm approached them about being a probable vendor. The spokesperson claimed that Cyberpion did not provide EA with a full list of vulnerabilities and was more concerned about arranging a meeting to demonstrate their techniques.