Thanks for the heads up. I never use my Epic account so I just started the process to have my account deleted.
This is what happens when you dump all your resources into maximizing Fortnite skin profit and cut corners on the important stuff. Classical Epic
Fortnite (Data Breach)
Overview: Late in 2018 Epic Games experienced a data breach relating to Fortnite accounts. Users reported accounts being stolen and their linked credit or debit card used to make fraudulent in-game purchases. Hackers then sold those accounts, loaded up with in-game purchases, for a profit on the...
www.fdazar.com
> Looking at the exploit it seems it requires the user to click on a malicious link then log in. I don't see how that is some big security flaw and no wonder only 597 accounts were pasted on Pastebin out of the millions of accounts Epic has.
When the link is a legitimate Epic Games login page, yes that is absolutely a security flaw on Epic's part. If it were a standard malicious phishing login page created by the attacker then fault would 100% be on the user.
> When the link is a legitimate Epic Games login page, yes that is absolutely a security flaw on Epic's part. If it were a standard malicious phishing login page created by the attacker then fault would 100% be on the user.
It's a little bit more sophisticated than your run-of-the-mill phishing but you would still need to be phished by clicking a link that isn't Epic Games. The issue seems to have been fixed in December and they dumped the info of everyone they phished after that because they had no use for it anymore. If Epic did their due diligence these pasted accounts are useless/meaningless at this point. Both to scammers and those it affected.
Users do not expect official login pages to fuck them over.
Was it a widespread attack? Or a full-on data breach? No, but targeted phishing and XSS attacks combined can be very effective.
> It's a little bit more sophisticated than your run-of-the-mill phishing but you would still need to be phished by clicking a link that isn't Epic Games.
A link that wouldn't be sent by Epic Games, yes. However, the address of the page sent was still an official login page on the real epicgames.com domain. Exploits like that can still earn a reasonable bounty.
The law requires companies to keep your data, so all they do when you delete your account is mark it as inactive. It might not save you from the leaks.
Never had an Epic account, am I okay?
Not really.
> Damn, what do?
type in chat epic bad