Tuvano
102158
1874
50
Don't save your CC Info online
Epic Games (who run Fortnite) has had some kind of security breach in the last month or so. I'm assuming it was just a list of account email addresses since accounts are being locked out after numerous incorrect log-ins from brute force attacks. Compromised accounts with credit card information stored are being used to upgrade Russian (yes, Russian) copies of the game. People are being charged anywhere from 25$ to 200$ and Epic Games has yet to publicly address the issue. Log in and delete your CC info and make sure your password is strong and you have two-step authentication enabled.
DarthStridious
Yup I just got locked out but have epic account due to I am a game programmer so even if they broke in nothing there
corporalpunt
Happened to my account as well. Cost me 190€. Epic has yet to answer my refund request (after two weeks).
DigiRust
I got an email today saying my account was locked. If you play on console your Epic Account would not have any payment info stored right?
beerlady
Darsh
kingfish15
Yeah I just had my shit taken 200 bucks sucks cause I'm in Vegas but I'm getting a new card and my money back so yay
lurker314
Are they using SMS for the 2FA? If so, no good.
TonicImmobility
Source?
Abracadabra21
If you go onto the front couple of pages of their reddit it has been full of people posting issues for weeks.
Netskimmer
+1 for awareness.
GrimlockPrimeZ
Took me like 2 or 3 weeks just to get a reply back.
BlackHartMTB
Jokes on them! I got no money.
MightyIink
I never played that dumb crap anyway, its just another fad like pokemon go.
ZaggaTheCleric
I legit just put it on less than 4 hours ago to buy that starter pack
Demitger
This was on the 12th of this month. https://kotaku.com/fortnite-players-are-getting-fraudulent-charges-for-hun-1823698792
PiGiSpi
PLayed for the first time yesterday! It just gave me extreme anxiety as I hid inside a random house and listened to the footsteps outside
TheRoyalMK
Source?
CanadianCobraChicken
Put Two-Factor on after this. Guess who has 30+ e-mails about my "Two-Factor code"?
plainoldfool
Looks like my strategy of being a cheap bastard and playing for free (no cc associated with my account) paid off. Sure, my gear is the (1)
plainoldfool
equivalent of showing up to the slopes in rental skies and boots.
Rimok224
Also ya know Epic games is trash in general
btraqnasty
Did the Russian hackers also make the game really boring and time consuming?
TenzVi
Epic games is aware of false charges to accounts affected, but if you have concerns and unhandled false transactions
TenzVi
please fill free to contact epic games to have these resolved. No security is completely secure, as do agree on not card info
MediaMuerte
Idk why everyone thinks all hackers are russian. Russia is just a good place for proxies because their country doesn't give a shit
davesrandomstuff
I don't like to link cards, PayPal etc. to any gaming accounts. I feel like it's just asking for trouble.
davesrandomstuff
I remember Sony locked some PSN accounts after an error at PayPal put through chargebacks.
davesrandomstuff
Sony in general aren't great at dealing with fraud on PSN.
davesrandomstuff
Where possible I'll buy store credit for PSN etc. and then use that.
PartMetalAlchemist
Roshiro
What pisses me off about this is that camera guy could totally do something if they wanted
IGoByMeme
yeah I wouldn't want to
punksdad
Not sure if Epic breach, or if they're just trying emails/passwords from other breaches. DON'T RE-USE PASSWORDS, PEOPLE.
punksdad
I got a notice last night that my account was locked from too many attempts; logged in an changed my password via EnPass to randomness.
punksdad
Note that I don't play Fortnite, I think I had the account from the UT alpha.
punksdad
Nobody's reading this thread, are they?
StormheartKing
Do you know if this is an issue for console players? I'm on PS4 so I go through the PS Store to buy but hope my account is okay.
Alavar
After these things happen just do what i do man. Buy cards with cash. Refuse to keep my card on psn or xbox or anything.
Cheomesh
Of course Russian.
minipancho94
Actually CC may be better than a debit card with online shit. Most credit cards will side with the customer and cancel fraudulent shit 1/2
minipancho94
Sooner and more effectively than your bank will. With a debit card it can take weeks to get refunded if you even get your money back 2/2
Makardia
Debit cards are governed by regulation e which requires a decision within 10 business days. Say it’s unauthorized and ask for an expedite.
Toobatee
+1, haven't played fortnight in months but my account has been locked several times. This explains a lot.
ObliviousStranger
Just checked my account also... aaaand it's locked
NZSheeps
Tell us your password and we'll check it for you.
NoseyMommafoo
MyDogIsSmarterThanYourHonorsStudent
I've been getting that a lot, so I clicked the contact us and wrote an email inquiring and they replied with "this email isn't monitored"
Mercenarity
Best part is when companies deny breaches. (blizzard, looking at you)
wa27
Guessing user logins is not a breach or even a failing on Epic's part. People should use unique passwords.
FreakinSatan
Same. I guess my password must be pretty secure because they haven't broken in yet. Just deleted my card info on it though
DarkZalgo
Depending on how you look at it, I'm lucky enough to have my IP banned from epic games because of an accident.
TheRicM
Yo dawg, I heard you haven't played Fortnite for several fortnights now
SovietRusalka
Damn, you fortright
bj52398
Gonna need a Montage.
DistortionMaster
Sports movie montage
Kanyes
MONTAGE!!!!!!!!
ActuallyACateArmyOfficialDoNotWhistleAboutIt
Mortgage*
KarlOkladek
Even Rocky had a montage
Deanscream
Always fade out in a montage
SomeDetroitGuy
I lead software development teams fora financial company. InfoSec drills it into our heads - encrypted in transit, encrypted at rest.
IndianTechSupport41
What's your opinion on GenSec
3ventic
The problem here is rampant password reuse and little to no confirmation to make payments beyond "you're logged in and have CC saved".
The701
That's nice....brb, gonna go hire someone with only a music degree to run our server security division...
sultin
Iknowthatreference.fpg
theendissneer
I understand that reference.gif
infaredbeam
I really want to know that reference, please let me be in the cool group!
vowofloudness
What makes you think anything was not encrypted at rest here?
MisterDildy
If it was encrypted at rest and they broke the encryption, that company has alot more to worry about than just the accounts
vowofloudness
There's no reason to think anything was stolen from Epic. Hackers are trying email/password combos that were leaked years ago.
Argondey
If the information is encrypted, the breach announcement tends to happen well before anything gets unencrypted.
Argondey
passwords will eventually be broken even if hashed, but it will happen over the course of years and not all at once
vowofloudness
Exactly what happened. Now, years later, hackers use those email/pass combos on Epic accounts and succeed because their security is shit.
Argondey
the other thing is credit card info should probably be stored separately from login info. the full card #s shouldn't be retrievable either.
vowofloudness
Credit cards aren't leaking. Once they break into an account, they use it to buy items and codes which they immediately resell.