• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
  • The Politics forum has been nuked. Please do not bring political discussion to the rest of the site, or you will be removed. Thanks.

News The Division 2 on Epic Store was target of 'extraordinary' fraud in 2019 [Epic v Apple]

Guilty_AI

Member
Apr 12, 2020
5,174
10,612
770

Juicy bits:

The email chain indicates that Epic's trouble was twofold: Fake accounts were easy to make, and it couldn't deactivate games on other storefronts—the so-called "clawback" option—which meant that games remained playable through Uplay even when the associated Epic account was deactivated.

"We believe fraud to be due to account re-selling being viable," Epic COO Daniel Vogel wrote at the time. "Fraudster creates Uplay account, uses stolen CC to purchase The Division, and then sells the account. While Epic account gets disabled by chargeback, without clawback with Ubisoft the game is still available on Uplay and sold account works."

Epic's Scott Adams was blunter in his criticism of the store. "Doesn't help that we don't currently verify email address or have good account security," he wrote

The rate of fraudulent purchases reach a point that in May 2019, Epic was forced to disable purchases of The Division 2 and Anno 1800, and eventually all Ubisoft games.

"In the past 48 hours, the rate of fraudulent transactions on Division 2 surpassed 70%, and was approaching 90%," Sweeney wrote on May 11, 2019, the same day Epic halted purchases on Ubisoft games. "Sophisticated hackers were creating Epic accounts, buying Ubisoft games with stolen credit cards, and then selling the linked Uplay accounts faster than we were disabling linked Uplay purchases for fraud.

"Fraud rates for other Epic Games store titles are under 2% and Fortnite is under 1%. So 70% fraud was an extraordinary situation."


Email of Tim Sweeney apologizing to Ubisoft:

 

DonJuanSchlong

Spice Spice Baby
Jul 15, 2020
3,846
9,923
745
I agree….makes Tim Sweeney look even more of an idiot with each court release

can’t wait to see the Sony partnership terms leak…would laugh my ass off if it had a ssd clause
Lmfao 🤣! At this point, I honestly wouldn't even doubt it. It seems everyone in the industry, whether in related or unrelated fields to gaming, is getting exposed or sued.

I'd love to see the Sony related deals. I bet there are some extra cringey emails that are about to get leaked soon. Let the meltdowns ensue.
 
  • Empathy
Reactions: Darius87

Guilty_AI

Member
Apr 12, 2020
5,174
10,612
770
Time for Ubisoft to return to steam? I hope it was worth it.
They did got their money back from Epic.
My biggest takeaway from this is how even people at Epic admitted they didn't have good account security, and that they didn't bother improving it until a big publisher was the one actually being affected.

When i'd complain about EGS's security back then, all the people trying to defend the store at any cost would either accuse me of being a "steam fanboy" or say i was just believing conspiracy theories and spreading FUD. Well, there it is.
 
Last edited:

JCK75

Member
Apr 19, 2018
1,748
1,804
475
I've said from day one from personal experience, Epic Games Store has always been practically nonexistant, they buy exclusives because they have zero interest in actually making their store something that can compete in any other way.
 

LordCBH

Member
Jun 4, 2020
2,706
6,552
465
I've said from day one from personal experience, Epic Games Store has always been practically nonexistant, they buy exclusives because they have zero interest in actually making their store something that can compete in any other way.

I don’t think it’s ever been about competing with steam and offering another store front. The epic games store exists in its current form to push Fortnite hard, and how do you get even more eyeballs on it? Free games and “exclusives”.
 

BadBurger

Gold Member
Nov 6, 2019
4,637
7,595
610
Get vaccinated
I deleted my EGS account shortly after trying out my first game on it (which ironically was The Division 2). The entire platform seemed so slapdash and amatuer, I was like there's no way my personal and possibly financial information isn't going to get stolen at this rate.
 

Holammer

Member
Jan 3, 2019
1,825
2,522
440
Any mention of the time when EGS had its first sale and botched it so hard a bunch of publishers slammed the panic button and delisted games temporarily?
There's gotta be some interesting back and forth there.
 

KungFucius

Member
Jul 16, 2008
2,242
1,193
1,280
They did got their money back from Epic.
My biggest takeaway from this is how even people at Epic admitted they didn't have good account security, and that they didn't bother improving it until a big publisher was the one actually being affected.

When i'd complain about EGS's security back then, all the people trying to defend the store at any cost would either accuse me of being a "steam fanboy" or say i was just believing conspiracy theories and spreading FUD. Well, there it is.
Perhaps you are a steam fanboy. This isn't about account security, it was a loophole assholes used to extract value from stolen credit card numbers. People stole credit cards and bought games then resold them. It was basically money laundering. The only one that got hurt was Ubisoft and the credit card companies. It wasn't account security it was the fact that there was an exploit that was used by people who likely used exploits elsewhere to get credit card numbers. Making it out to be about user account security just to show how right you were bitching about it when you are wrong is very fanboyish.
 

Guilty_AI

Member
Apr 12, 2020
5,174
10,612
770
Perhaps you are a steam fanboy. This isn't about account security, it was a loophole assholes used to extract value from stolen credit card numbers. People stole credit cards and bought games then resold them. It was basically money laundering. The only one that got hurt was Ubisoft and the credit card companies. It wasn't account security it was the fact that there was an exploit that was used by people who likely used exploits elsewhere to get credit card numbers. Making it out to be about user account security just to show how right you were bitching about it when you are wrong is very fanboyish.
👇👇👇
Epic's Scott Adams was blunter in his criticism of the store. "Doesn't help that we don't currently verify email address or have good account security," he wrote
Thus
My biggest takeaway from this is how even people at Epic admitted they didn't have good account security, and that they didn't bother improving it until a big publisher was the one actually being affected.

Perhaps try reading past the headline next time.
 
Last edited:

Valedix

Member
Jun 29, 2017
349
864
660
Only using Epic for free games and Chiv 2, and when that comes out on Steam bah bye.
 

JCK75

Member
Apr 19, 2018
1,748
1,804
475
Coincedence of all Coincedences, I just this very second got an Alert from Identity Guard that another breach of EpicGames has my information leaked to the Dark Web once again (back in the early days this happened to me twice)..
luckily I had my account deleted last week for good.
 
  • Thoughtful
Reactions: Guilty_AI
Mar 7, 2017
3,072
6,401
520
👇👇👇

Thus


Perhaps try reading past the headline next time.

Improving the account security through verifying emails wouldn't have eliminated the issue. It would only have reduced it.

The other poster is right. It's primarily an issue of the detection of fraudulent purchases using stolen CCs; which is not an easy problem to solve for any company (even steam).
 

Guilty_AI

Member
Apr 12, 2020
5,174
10,612
770
Improving the account security through verifying emails wouldn't have eliminated the issue. It would only have reduced it.

The other poster is right. It's primarily an issue of the detection of fraudulent purchases using stolen CCs; which is not an easy problem to solve for any company (even steam).
again 👇👇👇
Epic's Scott Adams was blunter in his criticism of the store. "Doesn't help that we don't currently verify email address or have good account security," he wrote
My comment isn't about the whole article, but this bit that corroborates with what i already knew. Along with the fact that they started implementing basic security measures like 2FA only after the one being affected was a big publisher. Shows where their priorities lay.
 
  • Like
Reactions: Same ol G

johntown

Banned
Dec 27, 2010
3,761
2,393
945
East Coast
Theres more stuff actually, i'm surprised no one made threads about them yet


When their total revenue is about 3 billion this does not matter as much. They expect to be losing money for a while in hope to build their store.
 
Mar 7, 2017
3,072
6,401
520
again 👇👇👇

My comment isn't about the whole article, but this bit that corroborates with what i already knew. Along with the fact that they started implementing basic security measures like 2FA only after the one being affected was a big publisher. Shows where their priorities lay.

How would 2FA have prevented or mitigated the issue in the OP?
 

ethomaz

is mad because DF didn't do a video on a video of a video of a video on PS5
Mar 19, 2013
42,253
45,058
1,310
39
Brazil
  • Like
Reactions: Guilty_AI

A.Romero

Member
Feb 23, 2009
3,768
2,560
1,250
Mexico
www.lavejota.com
Improving the account security through verifying emails wouldn't have eliminated the issue. It would only have reduced it.

The other poster is right. It's primarily an issue of the detection of fraudulent purchases using stolen CCs; which is not an easy problem to solve for any company (even steam).
They mention several times that the Division 2 in particular was subject to a much much higher number of frauds due to their incapability of getting those games back (as in deactivating them). It's on another screenshot.

I don't think they are incompetent but I do think the store was launched with many key features missing due to time constraints.
 

JCK75

Member
Apr 19, 2018
1,748
1,804
475
Other users and Reddit are reporting they have been alerted that 106 Million Epic accounts have had their information leaked onto the dark web today.. not sure why this has not reached tech news yet.. but it's pretty huge.
 
Mar 7, 2017
3,072
6,401
520
They mention several times that the Division 2 in particular was subject to a much much higher number of frauds due to their incapability of getting those games back (as in deactivating them). It's on another screenshot.

I don't think they are incompetent but I do think the store was launched with many key features missing due to time constraints.

How do you expect them to deactivate the games on another company's platform (i.e. UPlay)?

What key features can you suggest that Epic's store lacked that would have helped them mitigate this issue?
 
Mar 7, 2017
3,072
6,401
520
It could have mitigated the creation of fake accounts

How?

You can create software easily that generates mobile numbers. So creating a fake account with a fake mobile number for 2FA isn't a problem.

The purpose of 2FA is for account security. It does nothing to prevent fraudulent purchases on fake account creation.

Also, again, my comment was NOT about the whole article. How many times do i need to repeat myself?

So you're just bitching generally about the Epic store and your complaints have little to do with the issue in the OP... ok

Sesame Street Idk GIF
 

Guilty_AI

Member
Apr 12, 2020
5,174
10,612
770
How?

You can create software easily that generates mobile numbers. So creating a fake account with a fake mobile number for 2FA isn't a problem.

The purpose of 2FA is for account security. It does nothing to prevent fraudulent purchases on fake account creation.
The more obstacles you put against possible fraudsters the better, thats how these things always work.

So you're just bitching generally about the Epic store and your complaints have little to do with the issue in the OP... ok

Sesame Street Idk GIF
You seem veeeery defensive for some reason my friend. Of course i was just bitching since its what we do in these forums, don't really know why you'd have a problem with that
 
Mar 7, 2017
3,072
6,401
520
The more obstacles you put against possible fraudsters the better, thats how these things always work.

The more obstacles you put against fradusters the more you also put against legit users. It's ALWAYS a trade-off between useability and security.

Regardless, protecting against people using stolen credit cards is essentially a payment security issue, which unless you're a bank, VISA/Mastercard/other payment issuers, it's kinda hard to pre-emptively protect against. In fact, most mitigating factors are reactive, not preventative.

You seem veeeery defensive for some reason my friend.

Not at all. I'm just trying to understand the perceived (poor) logic of your arguments.

Of course i was just bitching since its what we do in these forums, don't really know why you'd have a problem with that

I actually don't. I just wanted to clarify whether you intended your bitching to have anything to do with the subject matter of the thread or whether it was just plain old off-topic bitching. Turns out it was the latter.

As you were, then.
 
Last edited:

A.Romero

Member
Feb 23, 2009
3,768
2,560
1,250
Mexico
www.lavejota.com
How do you expect them to deactivate the games on another company's platform (i.e. UPlay)?

What key features can you suggest that Epic's store lacked that would have helped them mitigate this issue?

At that point they were actually working on the solution. I wish I knew the details but it is entirely possible to enable that kind of interaction.

In the screenshots I saw they specifically mention that they are working on a clawback mechanism and that because people found out they weren't losing access to the content they were exploting it more.

We will never know but I wonder if 70% of sales on Steam were also frauds.
 

Guilty_AI

Member
Apr 12, 2020
5,174
10,612
770
The more obstacles you put against fradusters the more you also put against legit users. It's ALWAYS a trade-off between useability and security.
Except stuff like 2fa and freaking email verification are things users are already completely used, hardly a bad trade-off.

Not at all. I'm just trying to understand the perceived (poor) logic of your arguments.
Sure Mr. Pigeon

I actually don't. I just wanted to clarify whether you intended your bitching to have anything to do with the subject matter of the thread or whether it was just plain old off-topic bitching. Turns out it was the latter.
Not exactly off-topic since i was talking about a quote in the article and something you can conclude from it.

Again, i don't know what your problem with me is mate. Epic admitted they have poor account security and i bitched about that point, not exactly advanced science.
 
Last edited:

Zeroing

Member
Sep 19, 2019
1,348
1,828
385
we are getting more dirt on the gaming industry than on Apple…

Apple deserves a beating but the gaming industry is not looking good as the case goes on…if anything related to EA or Activision shows up on court… that is going to be painful/hilarious to read.