• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

The Division 2 on Epic Store was target of 'extraordinary' fraud in 2019 [Epic v Apple]

Guilty_AI

Guilty_AI

Member
www.pcgamer.com

Tim Sweeney apologized to Ubisoft in 2019 for 'extraordinary' Division 2 fraud on the Epic Store

Epic was forced to halt Ubisoft transactions on its storefront after Division 2 fraud rates surpassed 70%.
www.pcgamer.com www.pcgamer.com

Juicy bits:

The email chain indicates that Epic's trouble was twofold: Fake accounts were easy to make, and it couldn't deactivate games on other storefronts—the so-called "clawback" option—which meant that games remained playable through Uplay even when the associated Epic account was deactivated.

"We believe fraud to be due to account re-selling being viable," Epic COO Daniel Vogel wrote at the time. "Fraudster creates Uplay account, uses stolen CC to purchase The Division, and then sells the account. While Epic account gets disabled by chargeback, without clawback with Ubisoft the game is still available on Uplay and sold account works."

Epic's Scott Adams was blunter in his criticism of the store. "Doesn't help that we don't currently verify email address or have good account security," he wrote

The rate of fraudulent purchases reach a point that in May 2019, Epic was forced to disable purchases of The Division 2 and Anno 1800, and eventually all Ubisoft games.
Click to expand...

"In the past 48 hours, the rate of fraudulent transactions on Division 2 surpassed 70%, and was approaching 90%," Sweeney wrote on May 11, 2019, the same day Epic halted purchases on Ubisoft games. "Sophisticated hackers were creating Epic accounts, buying Ubisoft games with stolen credit cards, and then selling the linked Uplay accounts faster than we were disabling linked Uplay purchases for fraud.

"Fraud rates for other Epic Games store titles are under 2% and Fortnite is under 1%. So 70% fraud was an extraordinary situation."
Click to expand...


Email of Tim Sweeney apologizing to Ubisoft:

RYRE6GpeKP7673Qn5saUtH-970-80.jpg
 
DonJuanSchlong

DonJuanSchlong

Banned
captainraincoat said:
I agree….makes Tim Sweeney look even more of an idiot with each court release

can’t wait to see the Sony partnership terms leak…would laugh my ass off if it had a ssd clause
Click to expand...
Lmfao 🤣! At this point, I honestly wouldn't even doubt it. It seems everyone in the industry, whether in related or unrelated fields to gaming, is getting exposed or sued.

I'd love to see the Sony related deals. I bet there are some extra cringey emails that are about to get leaked soon. Let the meltdowns ensue.
 
Guilty_AI

Guilty_AI

Member
Skifi28 said:
Time for Ubisoft to return to steam? I hope it was worth it.
Click to expand...
They did got their money back from Epic.
My biggest takeaway from this is how even people at Epic admitted they didn't have good account security, and that they didn't bother improving it until a big publisher was the one actually being affected.

When i'd complain about EGS's security back then, all the people trying to defend the store at any cost would either accuse me of being a "steam fanboy" or say i was just believing conspiracy theories and spreading FUD. Well, there it is.
 
Last edited:
JCK75

JCK75

Member
I've said from day one from personal experience, Epic Games Store has always been practically nonexistant, they buy exclusives because they have zero interest in actually making their store something that can compete in any other way.
 
LordCBH

LordCBH

Member
JCK75 said:
I've said from day one from personal experience, Epic Games Store has always been practically nonexistant, they buy exclusives because they have zero interest in actually making their store something that can compete in any other way.
Click to expand...

I don’t think it’s ever been about competing with steam and offering another store front. The epic games store exists in its current form to push Fortnite hard, and how do you get even more eyeballs on it? Free games and “exclusives”.
 
BadBurger

BadBurger

Is 'That Pure Potato'
I deleted my EGS account shortly after trying out my first game on it (which ironically was The Division 2). The entire platform seemed so slapdash and amatuer, I was like there's no way my personal and possibly financial information isn't going to get stolen at this rate.
 
Holammer

Holammer

Member
Any mention of the time when EGS had its first sale and botched it so hard a bunch of publishers slammed the panic button and delisted games temporarily?
There's gotta be some interesting back and forth there.
 
KungFucius

KungFucius

King Snowflake
Guilty_AI said:
They did got their money back from Epic.
My biggest takeaway from this is how even people at Epic admitted they didn't have good account security, and that they didn't bother improving it until a big publisher was the one actually being affected.

When i'd complain about EGS's security back then, all the people trying to defend the store at any cost would either accuse me of being a "steam fanboy" or say i was just believing conspiracy theories and spreading FUD. Well, there it is.
Click to expand...
Perhaps you are a steam fanboy. This isn't about account security, it was a loophole assholes used to extract value from stolen credit card numbers. People stole credit cards and bought games then resold them. It was basically money laundering. The only one that got hurt was Ubisoft and the credit card companies. It wasn't account security it was the fact that there was an exploit that was used by people who likely used exploits elsewhere to get credit card numbers. Making it out to be about user account security just to show how right you were bitching about it when you are wrong is very fanboyish.
 
Guilty_AI

Guilty_AI

Member
KungFucius said:
Perhaps you are a steam fanboy. This isn't about account security, it was a loophole assholes used to extract value from stolen credit card numbers. People stole credit cards and bought games then resold them. It was basically money laundering. The only one that got hurt was Ubisoft and the credit card companies. It wasn't account security it was the fact that there was an exploit that was used by people who likely used exploits elsewhere to get credit card numbers. Making it out to be about user account security just to show how right you were bitching about it when you are wrong is very fanboyish.
Click to expand...
👇👇👇
Epic's Scott Adams was blunter in his criticism of the store. "Doesn't help that we don't currently verify email address or have good account security," he wrote
Click to expand...
Thus
Guilty_AI said:
My biggest takeaway from this is how even people at Epic admitted they didn't have good account security, and that they didn't bother improving it until a big publisher was the one actually being affected.
Click to expand...

Perhaps try reading past the headline next time.
 
Last edited:
ArtHands

ArtHands

Thinks buying more servers can fix a bad patch
This is what happen if you take less cut. You got a shitty unsecured barebone store.
 
JCK75

JCK75

Member
Coincedence of all Coincedences, I just this very second got an Alert from Identity Guard that another breach of EpicGames has my information leaked to the Dark Web once again (back in the early days this happened to me twice)..
luckily I had my account deleted last week for good.
 
TheThreadsThatBindUs

TheThreadsThatBindUs

Member
Guilty_AI said:
👇👇👇

Thus


Perhaps try reading past the headline next time.
Click to expand...

Improving the account security through verifying emails wouldn't have eliminated the issue. It would only have reduced it.

The other poster is right. It's primarily an issue of the detection of fraudulent purchases using stolen CCs; which is not an easy problem to solve for any company (even steam).
 
Guilty_AI

Guilty_AI

Member
TheThreadsThatBindUs said:
Improving the account security through verifying emails wouldn't have eliminated the issue. It would only have reduced it.

The other poster is right. It's primarily an issue of the detection of fraudulent purchases using stolen CCs; which is not an easy problem to solve for any company (even steam).
Click to expand...
again 👇👇👇
Epic's Scott Adams was blunter in his criticism of the store. "Doesn't help that we don't currently verify email address or have good account security," he wrote
Click to expand...
My comment isn't about the whole article, but this bit that corroborates with what i already knew. Along with the fact that they started implementing basic security measures like 2FA only after the one being affected was a big publisher. Shows where their priorities lay.
 
johntown

johntown

Banned
Guilty_AI said:
Theres more stuff actually, i'm surprised no one made threads about them yet

www.pcgamer.com

Borderlands 3 exclusivity cost Epic $115 million

That's a lot of V-bucks.
www.pcgamer.com www.pcgamer.com

www.pcgamer.com

Epic Games has spent at least $1 billion on exclusives

Previously confidential documents offer more proof of Epic’s sledgehammer approach to gaining marketshare.
www.pcgamer.com www.pcgamer.com
Click to expand...
When their total revenue is about 3 billion this does not matter as much. They expect to be losing money for a while in hope to build their store.
 
TheThreadsThatBindUs

TheThreadsThatBindUs

Member
Guilty_AI said:
again 👇👇👇

My comment isn't about the whole article, but this bit that corroborates with what i already knew. Along with the fact that they started implementing basic security measures like 2FA only after the one being affected was a big publisher. Shows where their priorities lay.
Click to expand...

How would 2FA have prevented or mitigated the issue in the OP?
 
ethomaz

ethomaz

Banned
A.Romero

A.Romero

Member
TheThreadsThatBindUs said:
Improving the account security through verifying emails wouldn't have eliminated the issue. It would only have reduced it.

The other poster is right. It's primarily an issue of the detection of fraudulent purchases using stolen CCs; which is not an easy problem to solve for any company (even steam).
Click to expand...
They mention several times that the Division 2 in particular was subject to a much much higher number of frauds due to their incapability of getting those games back (as in deactivating them). It's on another screenshot.

I don't think they are incompetent but I do think the store was launched with many key features missing due to time constraints.
 
JCK75

JCK75

Member
Other users and Reddit are reporting they have been alerted that 106 Million Epic accounts have had their information leaked onto the dark web today.. not sure why this has not reached tech news yet.. but it's pretty huge.
 
TheThreadsThatBindUs

TheThreadsThatBindUs

Member
A.Romero said:
They mention several times that the Division 2 in particular was subject to a much much higher number of frauds due to their incapability of getting those games back (as in deactivating them). It's on another screenshot.

I don't think they are incompetent but I do think the store was launched with many key features missing due to time constraints.
Click to expand...

How do you expect them to deactivate the games on another company's platform (i.e. UPlay)?

What key features can you suggest that Epic's store lacked that would have helped them mitigate this issue?
 
TheThreadsThatBindUs

TheThreadsThatBindUs

Member
Guilty_AI said:
It could have mitigated the creation of fake accounts
Click to expand...

How?

You can create software easily that generates mobile numbers. So creating a fake account with a fake mobile number for 2FA isn't a problem.

The purpose of 2FA is for account security. It does nothing to prevent fraudulent purchases on fake account creation.

Guilty_AI said:
Also, again, my comment was NOT about the whole article. How many times do i need to repeat myself?
Click to expand...

So you're just bitching generally about the Epic store and your complaints have little to do with the issue in the OP... ok

Sesame Street Idk GIF
 
Guilty_AI

Guilty_AI

Member
TheThreadsThatBindUs said:
How?

You can create software easily that generates mobile numbers. So creating a fake account with a fake mobile number for 2FA isn't a problem.

The purpose of 2FA is for account security. It does nothing to prevent fraudulent purchases on fake account creation.
Click to expand...
The more obstacles you put against possible fraudsters the better, thats how these things always work.

TheThreadsThatBindUs said:
So you're just bitching generally about the Epic store and your complaints have little to do with the issue in the OP... ok

Sesame Street Idk GIF
Click to expand...
You seem veeeery defensive for some reason my friend. Of course i was just bitching since its what we do in these forums, don't really know why you'd have a problem with that
 
TheThreadsThatBindUs

TheThreadsThatBindUs

Member
Guilty_AI said:
The more obstacles you put against possible fraudsters the better, thats how these things always work.
Click to expand...

The more obstacles you put against fradusters the more you also put against legit users. It's ALWAYS a trade-off between useability and security.

Regardless, protecting against people using stolen credit cards is essentially a payment security issue, which unless you're a bank, VISA/Mastercard/other payment issuers, it's kinda hard to pre-emptively protect against. In fact, most mitigating factors are reactive, not preventative.

Guilty_AI said:
You seem veeeery defensive for some reason my friend.
Click to expand...

Not at all. I'm just trying to understand the perceived (poor) logic of your arguments.

Guilty_AI said:
Of course i was just bitching since its what we do in these forums, don't really know why you'd have a problem with that
Click to expand...

I actually don't. I just wanted to clarify whether you intended your bitching to have anything to do with the subject matter of the thread or whether it was just plain old off-topic bitching. Turns out it was the latter.

As you were, then.
 
Last edited:
A.Romero

A.Romero

Member
TheThreadsThatBindUs said:
How do you expect them to deactivate the games on another company's platform (i.e. UPlay)?

What key features can you suggest that Epic's store lacked that would have helped them mitigate this issue?
Click to expand...

At that point they were actually working on the solution. I wish I knew the details but it is entirely possible to enable that kind of interaction.

In the screenshots I saw they specifically mention that they are working on a clawback mechanism and that because people found out they weren't losing access to the content they were exploting it more.

We will never know but I wonder if 70% of sales on Steam were also frauds.
 
Guilty_AI

Guilty_AI

Member
TheThreadsThatBindUs said:
The more obstacles you put against fradusters the more you also put against legit users. It's ALWAYS a trade-off between useability and security.
Click to expand...
Except stuff like 2fa and freaking email verification are things users are already completely used, hardly a bad trade-off.

TheThreadsThatBindUs said:
Not at all. I'm just trying to understand the perceived (poor) logic of your arguments.
Click to expand...
Sure Mr. Pigeon

TheThreadsThatBindUs said:
I actually don't. I just wanted to clarify whether you intended your bitching to have anything to do with the subject matter of the thread or whether it was just plain old off-topic bitching. Turns out it was the latter.
Click to expand...
Not exactly off-topic since i was talking about a quote in the article and something you can conclude from it.

Again, i don't know what your problem with me is mate. Epic admitted they have poor account security and i bitched about that point, not exactly advanced science.
 
Last edited:
Zeroing

Zeroing

Banned
we are getting more dirt on the gaming industry than on Apple…

Apple deserves a beating but the gaming industry is not looking good as the case goes on…if anything related to EA or Activision shows up on court… that is going to be painful/hilarious to read.
 
You must log in or register to reply here.

Similar threads

The ESRB has started slapping blockchain games with Adults Only ratings, so Epic has changed its store policy to allow them
News Business
2
741
Zathalus replied
Apple must allow other forms of in-app purchases, rules judge in Epic v. Apple
3 4 5 6 7
318
21K
IntentionalPun replied
Epic Games vs Apple in court face off INCLUDING Tim Sweeney , LIVE !!!
Drama 14 15 16 17 18
876
65K
Serouj2000 replied
Phil Spencer interview - Says that their intent is for all Xbox games, including Call of Duty, to be available on Xbox Game Pass Day One
2 3
102
6K
Kenneth Haight replied
Walmart’s unannounced cloud gaming service detailed in confidential Epic emails
25
2K
FStubbs replied
Top Bottom