
PSA: Some Epic account details have been leaked as plain text email and passwords.

BunzLee

Member
Breaches are becoming a lot more frequent nowadays. It's really troubling to see how many details are being leaked, I hope everybody starts considering taking according measures. I've been "hacked" before, and even though no damage was done, I can tell you it's a real hassle.
 

Kadayi

Banned


'It's not us, it's you!!!'

Ari-Gold-Get-The-Fuck-Out.gif



Most of their audience is 12-year-olds, and they're expecting them to have the sense to set up 2 multi-factor authentication and use a password generator/manager. I have a hard enough time trying to convince grown adults to do that sort of thing. Maybe reset everyone's password and use your own password generator, Epic.
 

GenericUser

Member
Imagine developing one of the most advanced 3D graphics engines of the world, but being unable to do basic encryption on user passwords stored in a database. What the fuck Epic, it's like some employee must have done this on purpose to shit on the company.
 

dotnotbot

Member
Thanks for the heads up. I never use my epic account so I just started the process to have my account deleted.

The law requires companies to keep your data, so all they do when you delete your account is mark it as inactive. It might not save you from the leaks.
 

Shifty

Member

Three

Member
Looking at the exploit, it seems it requires the user to click on a malicious link then log in. I don't see how that is some big security flaw, and no wonder only 597 accounts were pasted on Pastebin out of the millions of accounts Epic has.
 

PhoenixTank

Member
Looking at the exploit, it seems it requires the user to click on a malicious link then log in. I don't see how that is some big security flaw, and no wonder only 597 accounts were pasted on Pastebin out of the millions of accounts Epic has.
When the link is a legitimate Epic Games login page, yes that is absolutely a security flaw on Epic's part. If it were a standard malicious phishing login page created by the attacker then fault would 100% be on the user.
Users do not expect official login pages to fuck them over.
Was it a widespread attack? Or a full-on data breach? No, but targeted phishing and XSS attacks combined can be very effective.
 

Three

Member
When the link is a legitimate Epic Games login page, yes that is absolutely a security flaw on Epic's part. If it were a standard malicious phishing login page created by the attacker then fault would 100% be on the user.
Users do not expect official login pages to fuck them over.
Was it a widespread attack? Or a full-on data breach? No, but targeted phishing and XSS attacks combined can be very effective.
It's a little bit more sophisticated than your run-of-the-mill phishing, but you would still need to be phished by clicking a link that isn't Epic Games. The issue seems to have been fixed in December and they dumped the info of everyone they phished after that because they had no use for it anymore. If Epic did their due diligence, these pasted accounts are useless/meaningless at this point. Both to scammers and those it affected.

The legal firm trying to phish Fortnite users is also not nice.
 

PhoenixTank

Member
It's a little bit more sophisticated than your run-of-the-mill phishing, but you would still need to be phished by clicking a link that isn't Epic Games.
A link that wouldn't be sent by Epic Games, yes. However, the address of the page sent was still an official login page on the real epicgames.com domain. Exploits like that can still earn a reasonable bounty.
As you say, fixed now, old thread and all that, even the Reddit post backpedalled from "Uh oh EGS been hacked, y'all".
 

hariseldon

Unconfirmed Member
The law requires companies to keep your data, so all they do when you delete your account is mark it as inactive. It might not save you from the leaks.

If you're from the EU they have to delete your data on request.
 

Kataploom

Gold Member
This is why I never store my paying method passwords in stores. I used to get notifications like "someone logged in your account from some random place in Asia" every few months from Uplay and Origins (and 2 steps verification has been problematic for me, especially in Uplay).
 