Update: Epic have sent us the following statement:
“We are investigating but there is currently zero evidence that these claims are legitimate. Mogilevich has not contacted Epic or provided any proof of the veracity of these allegations. When we saw these allegations, which were a screenshot of a darkweb webpage in a Tweet from a third party, we began investigating within minutes and reached out to Mogilevich for proof. Mogilevich has not responded. The closest thing we have seen to a response is this Tweet, where they allegedly ask for $15k and ‘proof of funds’ to hand over the purported data.”
So it seems hopefully that the hacking group might be trying to pull a fast one, but it was always doomed to failure unless they can provide evidence.
If we get any more we will update this page further, the advice below of making sure your account has a new password and 2FA enabled still stands as good practice.
Original story below:
News is breaking that Epic Games, the publisher of Fortnite is being held to a ransomware attack by a little-known hacking group Mogilvich. While at this stage the hack is unverified according to Cyberdaily, overnight the group posted details on its darknet leak site.
The group claims to have nearly 200GB of data including, the gang says, “email, passwords, full name, payment information, source code, and many other data,“ this could turn out to be a real security threat for many people as the data is currently up for sale for an unknown amount.
Mogilvich says, “We have quietly carried out an attack to [sic] Epic Games’ servers, If you are an employee of the company or someone who would like to buy the data, click on me.”
A deadline to purchase the data outright, including Epic, is set as the 4th of March but as yet there is zero proof that they have data at all.
Generally, as with the Rhysida attack on Insomniac last year, we would expect to get file examples of just what exactly they have got and an indication of what is at stake.
Epic Games holds a lot of payment data, due to having its own Games Store and just because of the size of games like Fortnite, so this could turn into a real headache for a lot of people.
As yet, Epic has not commented but we will keep you up to date with developments.
How to secure your Epic Games account
We should take this take seriously at this stage and get ahead of the game, even without any proof, and if you have an Epic Games account, you could start by changing your password and enabling 2FA (two-factor authorization) if you haven’t already for it. Even if this attack turns out to be false, your account will be more secure, so you really should do it anyway.
As ever, and we are sure you already know, it is extremely bad practice to use the same password on multiple sites, so if your Epic password is the same as everywhere else, it might be time to spend an hour or so tightening up your personal password policy.
Who is Mogilevich?
Cyberdaily lists Mogilevich as a new threat and the Epic hack would be only its fourth, having previously hit Infiniti USA, a subsidiary of Nissan just over a week ago,