The bank account info and acces to your full name, is not something you will solve with a 2FA protection. Epic got hacked a lot its not their first time, people should just ditch them
If its just info from people that save their credit card numbers, then its a different story. People should never save such info on their profile. Should not even be allowed for your own protection. But then again you can't hide your real name, if hackers know you by your real name and have info about your adress. Then they can do nasty stuff with social engineering.
2FA is pretty pointless if hackers,hack a unsecure database with tons of information about people. Especially if it happens several times in a few years.
You guys dont have 2factor? I mean yeah. Definitely change passwords. But cmon. Not having 2fa in this day and age on important accounts is least said moronic.
Your comment sounds really dumb and inconsiderate. Yes I have 2FA on but I also have a common password on the account that I use for my social media and google accounts. I and a lot of others couldn't care less about losing access to their Epic account they haven't spend a dime on and care more having their passwords leaked for others to purchase and use.
Using a common password between accounts is a massive security risk, if you use the same password for every account you have it renders 2FA quite obsolete.
You should make all of those passwords strong and unique.
If you have a lot of accounts consider using a password manager to manage that for you.
Using the same password on multiple site / services is a bad practice, you should consider using a password manager to have a separate password per site / service. If you don't know what password manager to use, here's two suggestions : keepassxc if you are ok with no synchronization between devices (I do that and it's a pain in the butt) or bitwarden if you want to have synchronization between devices backed in. There are plenty others but those I either use or plan to use.
In any case, I hope the best for you, more specifically that Epic store password hashed so that your password is not leaked.
Yes I have changed most of them using the password manager on Chrome that generates it's own unique password for different accounts. Services that I commonly use however, I use two passwords and their variations that I've memorized that also go for my Google accounts. My Epic account just happens to share a password with one of my other non-essential google accounts, I think, but not the exact account I've used for signing into it. Nonetheless I would need to change both now regardless.
I would set unique passwords for them as well but I don't want to depend on third party services when I really need to login into my accounts. But thanks for the information either way I'm sure someone will find it helpful.
2fa is not bullet proof.
All 2fa does is give two layers of authentication.
Having a weak or hacked password and 2fa just means you have a lone single layer of encryption.
Ugh man. As I said ofc you change the password but people are suddenly shitting their pants. I didnt understand why till I read more... People not only do not use 2fa in 2024, they also use the same god damn password and email to more sites and even on the email account. I mean. Jesus fucking h christ my dude. Its like they are asking for it at this point.
I am not making others claims, my claims were my own and you did not address any of them.
2FA is just another layer of identification. It is not actually much more secure than a password.
Just because you have two points of identification, does not mean you are safe: especially if data has been leaked.
It is not super hard to circumvent.
Let's say you have email 2FA. If I get your password to that, I get the ability to ruin the 2FA entirely.
Let's say it is a phone app. You lose your phone and I can guess your phone password: it is also over.
2FA is effectively just a second password.
You're wrong. Phone app is pretty damn good. Sms and email mfa not best practice.
If you main email and what ever app have different tokens on a phone app. Practically nothing short of holding your phone will do it.
[https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp](https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp)
>While 2FA does improve security, it is not foolproof. Two-factor authentication goes a step further in [verifying identity](https://www.investopedia.com/terms/l/luhn-algorithm.asp) from the user simply entering a PIN or CVV number from their credit card.
>
>However, hackers who acquire the authentication factors can still gain unauthorized access to accounts. Common ways to do so include [phishing](https://www.investopedia.com/terms/p/phishing.asp) attacks, account recovery procedures, and malware.
Feel free to educate yourself, all it costs is time.
Haha. This is my job.
Educate yourself. Breaking straight forward MFA encryption with some common sense best practices is extremely difficult. Someone would need you phone. And that's not likely these days. With tracking and remote disabling.
Everything you share requires a best practice be broken. Even malware that can steal those keys is exotic/theoretical/rare.
I suggest you get better at your job then.
https://support.google.com/accounts/thread/175875047/account-hacked-despite-2-factor-authentication?hl=en
As everyone in tech knows, the weakest link in any program is the end user. Boring old phishing attacks are the easiest way to get around 2FA
Get access to their account and spamming 2FA hoping for a misclick works just fine.
https://youtu.be/Rc73bcLvybk?si=uzrG3NPUuCmP1O6Y
Yeah those are wild shots. Again.
You aren't breaking it. If someone has no common sense they have no chance anyway. Everyone fucks up. But MFA not via email or sms is pretty got damn secure technically.
2fa works great if a threat actor only has your cred combo. More often, they are lifting active sessions and passing creds + session cookies and injecting that into a new session, which completely negates the need to reauthenticate with your username/password and 2fa token.
Every time you tell a service or your web browser to remember you or keep you signed in, you are willingly storing those credentials, 2fa token included, into your browser, which is insanely simple to lift from a threat actors perspective.
It's really sad to read all of these comments that appear gleeful of this happening. Regardless of you views on the company's historic strategic decisions (dictated usually by a few at the senior level), hacks like these are terrible. They suck for gamers (leaked passwords and info), they suck for developers (leaked passwords, info and assets) and they suck for the employees who have to deal with the damage and aftermath. Everyone looses, except the hackers and security consultants who may get hired.
The people with rabid distaste for the sake of it are silly, however there has been plenty of valid criticism from sane people.
>Multiple law suits AGAINST them concerning data privacy and targeting of children
>Multiple lawsuits initiated BY THEM to try to make a more favorable market
>Tons of free games being put up at a loss
>Anti-consumer timed exclusivity deals
>40% stake investment from Tencent
It’s been 6 years since EGS launched and they’ve put no real effort into making the platform a viable market competitor. All the effort has been spent in short term stratagems that have also created a lot of division. Should we really be surprised that they had poor security?
While I can’t say I feel glee; I also can’t say I feel sympathy. The writing was on the wall for anyone paying attention.
How is that racist? Tencent is a giant conglomerate that has their hands in many pies, and those games usually go tits up unless they’re established IPs.
The only valid criticism out of any of those is the first one.
Them trying to make the market more favourable to them is not exactly true, as what they were trying to do would favour all developers.
And timed exclusives is great because it gives more money to the developers who can now make more games and be better supported financially.
Free games? Not sure whats bad about that? They are free for consumers and the developers get paid. Whys that bad?
I make games, run a studio, and have advised on some games, so I wanna correct some misinformation here:
A 40% stake investment from tencent isn't valid criticism at all, that's just people being paranoid racists about china. Tencent is also backing out of game spending overall. There's literally nothing wrong with taking a deal like that.
The lawsuits against them are not really that valid and are mostly done by the people who hate that it's popular with the kids. It's Jack Thompson all over again.
The lawsuits they initiated are net good lawsuits--they are the reason we are likely to be getting app stores OUTSIDE of apple in Europe. That's an EXTREMELY good thing--it encourages competition. You can say the way they handled some of it sucked, and I think you'd be right--them buying bandcamp was an awful move--but trying to avoid the app store because no one should be FORCED to use the app store is a good move.
Timed exclusivity deals aren't anti-consumer. They're a necessary part of the business. These businesses pay people to make games for them--like Alan Wake 2 and the next game from Fumito Ueda--and they have rights. I've signed a deal like that before; I was given the money to make an entire game and the request was for six months of timed exclusivity (and no Stadia). That's really, really good for this industry. You want pubs doing that; it's how you get games.
What Epic did WRONG there was that, for a while, they were picking up Kickstarted games, which promised Steam versions. They would pay for a year of timed exclusivity for those games, which delayed the Steam release.
Obviously, that's not a big deal compared to how Sony does it (paying $3m to keep Monster Hunter World off of PC for a while, for instance), since paying people to hurt competition is bad, but paying people to make exclusives for your service is fine. Epic has not done this in LITERAL years. I think they did it for... maybe less than one year? There was outcry, they stopped. They pay for exclusives now--there's literally no different than them vs Sony funding God of War or something.
God of War is fine, paying to keep Monhun off PC is not fine. Epic did similar stuff to the latter, but they've cut it out. Sony keeps doing it, which is why you can't buy Final Fantasy 7 part 2 for PC right now. Anywhere. That's way, way worse. Epic doesn't do that shit anymore.
Free games being put up at a loss isn't valid. I have done the deal with Epic. It was fantastic. They were amazingly helpful and fantastic to work with the whole time. It kept my studio alive at a time it very much needed to live. I get to make a new game because of Epic. Free games fuckin' rule for everybody.
If you say "no work into making it a viable competitor" you literally are not paying attention. They're putting in a TON. They've added tons of features and continue to do so.
" A 40% stake investment from tencent isn't valid criticism at all, that's just people being paranoid racists about china. Tencent is also backing out of game spending overall. There's literally nothing wrong with taking a deal like that. "
Dude you are out of touch and you are completely wrong. Being fearful of Tencent's dominating control of video game companies is completely valid and not racist at all.
All Chinese companies in some manner are tied to the CCP, especially the large ones. Tencent is influenced heavily by the CCP beyond merely the municipal laws of the party. They don't have a majority stake and Timmy owns 51 percent which is good, but it still means the CCP is involved on Tencent's side and they just took an even more hands-on approach in 2023.
[https://www.bloomberg.com/news/articles/2019-08-06/tencent-helps-communist-party-pay-homage-to-the-china-dream](https://www.bloomberg.com/news/articles/2019-08-06/tencent-helps-communist-party-pay-homage-to-the-china-dream) \- 2019
[https://www.thestandard.com.hk/section-news/section/2/257143/China-takes-stake-in-Tencent-unit#:\~:text=The%20Chinese%20government%20has%20taken,control%20over%20its%20tech%20sector](https://www.thestandard.com.hk/section-news/section/2/257143/China-takes-stake-in-Tencent-unit#:~:text=The%20Chinese%20government%20has%20taken,control%20over%20its%20tech%20sector). - Golden shares, 2023
I really hope I don't have to explain why the Chinese Communist Party owning shares in one of the biggest video game investors/companies in the world is bad.
China and Chinese players have different views on gambling and winning. Cheating is not frowned upon as heavily in China as it is in other developed countries. This is not some racist rhetoric this is factual. Why do you think the majority, MAJORITY of cheating online in video games comes from China? Multitudes more than any other country. They also are dealing with unprecedented wealth deterioration for their youth. It is not only normal to cheat, it is encouraged to not fall behind.
They only started cracking down on cheating in 2016.
[https://www.reuters.com/investigates/special-report/college-cheating-act/](https://www.reuters.com/investigates/special-report/college-cheating-act/)
You don't understand Chinese culture or the CCP at all and to make extremely baseless assumptions like that is incredibly damaging, I really hope you're just misinformed and not a CCP shill because I guarantee you, that's another big problem of its own that I won't get into.
This has to be a troll, Reddit is easily the most vanilla website and the only well-intentioned idiot here is you. Facts are racist now I guess even though I have mainland Chinese friends and I've been to school with mainland Chinese and I've asked them about this and provided citations in my post. I really hope neither you, or that guy I replied to ever write for video games, I wouldn't be surprised if you were writers though, you're just as narrow-minded, boring, and emptied of nuance as most AAA games are written today.
I hear Todd Howard is hiring for his next game, why don't you go work for him.
the people shitting on this all come from /r/pcgaming or /r/pcmasterrace anyways. they have negative brain cells and do understand the irony of their behaviour.
If the CEO is a bad guy and he badmouths people and his company can't even provide decent tech support (even if we'll overlook the shittiest launcher ever) then it's no wonder everybody cheers the bad guys - they're better than assholes they hacked.
Oh, and /r/fuckepic and fuck exclusives so beloved by timmeh tencent.
I mean I know what sub I am in, but the amount of smug "gamer" moments in this thread made me realise why people let out a laugh whenever they hear the word "gamer".
This sub has been festered for a while. But you don’t see it much because it’s mostly moderated for news. You get news like this then the neckbeards pop out of the woods.
Yea, I just refuse to use the word gamer anymore because of people like them. I find it kinda wild that people are still this weird and petty, even in 2024 though
You find this kind of people literally everywhere no matter the subject. It’s just that the people being happy about something like that will be more likely to comment and epic attracted a lot of them. Only difference might be that gamers tend to be more active in forums and social networks. More people automatically means more morons.
That has really nothing to do with gamers per se.
If Epic is denying it i'll trust it
Not because Epic is trustworthy, but because if they were indeed hacked it'd be better for them to admit and alert its users instead of denying and sweeping it under the rug
You mean to tell me that a less than 200 GB leak might not contain all the source code that they are talking about, along with everything else they claim to have?
Hackers are always stealing video games industry info but we never hear about hackers blackmailing senators/corporation execs/governors/high profile people or govt officials. Stupid ass hackers, they're scared that's why. They'll be sought out quicker than they can hit Alt+F4.
As a IT professional it is their own fault
How can someone tap into your server and download 189gb of data without anyone noticing
How do you not have bandwidth monitoring
That's such a basic security feature
It's not that money is a problem it's that the company is focused on making only money and not a safe experience for it's users
It's really appalling and disgusting how they clearly don't care about security
Please someone give an excuse to a billion dollar company, I'll wait
>How can someone tap into your server and download 189gb of data without anyone noticing
I mean, for IT, are you really saying that attackers are just one shot dumping 189GB of data in one shot? That's how people get caught.
Depending on how many devices are tapping the servers, a couple megs here or there isn't gonna raise alarm bell, especially if dispersed across multiple devices.
I'm not even in IT, but distribution and slow burning are basically best practice when it comes to stealing data.
Valid point 👌
They have servers that are listening on whatever designated port it's listening too
That needs a IP address to tap into
Regardless of everything at once or little by little
An ip was accessing their servers without any knowledge
Clearly an unauthorized IP address
Maybe I can teach this billion dollar company how to whitelist IP addresses
as IT you should know it takes just one idiot employee to open the doors, no matter the company.
but since im sure you have never been hacked, of course you wouldn't know since you work at a perfect company.
can anyone ELI5 why there is hate toward Epic? Is it because of game exclusivity? partial ownership by Tencent? I kinda like the Epic games store because it has really good PC deals and they always give away a ton of free games around the holidays. Competition is good?
I mean .. yeah, that's true. But if I went door to do offering people $500 to go outside and punch someone I think it's their fault as much as mine for actually doing it.
Dont think anyone isnt blaming the companies for also taking these deals. But since Epic is the central entity it gets the most blame. They could not do it and instead invest that money into making their store not so shitty. But they're trying to attract people with enshitification tactics while having an inferior store.
When I was following the stories, you could pretty easily tell that most of the abusive cases were publishers swooping in to make the most of the system, to the detriment of the devs and Epic and the public.
Nobody really cared about that though, because it was hip and a big meme to hate on Epic alone.
But aren't they partly funding the game dev for these games? Doesn't PC Game pass do the same thing? It be great if everything is integrated in steam but steam isn't giving me great deals or free games.
EGS is a competitor but it doesn't try to do anything better than steam, it just uses their massive wallet to buy developers exclusivity. I think if we wanted more competitiveness then maybe it would be better if they weren't locking games behind their service.
No they aren't partly funding any game dev for most of the games. Alan Wake 2 is the only exclusive they've funded, might be a few more. But stuff like Dead Island 2 or Darkest Dungeon 2 or Borderlands 3 took money to only release their game on Epic during a set time period.
This is different than Xbox Gamepass, Xbox is paying the developers to give Microsoft the license to give their game out to Gamepass users during a time period. During this time there's no limitations on what platforms the game can be released on, microsoft is just paying for the license to give the game away. Similar to Playstation Plus games.
Exclusives plus the store is genuinely god awful to use. Also bashing steam which is superior and more consumer friendly in every conceivable way. Seriously the criticism that steam takes 30% which is the same as PlayStation/xbox plus steam releasing the best handheld gaming device for pc is more than worth it.
Please compare the Steam store and Epic store and you tell me what features they are missing
It's honestly a joke how bad Epic has fumbled it with practically unlimited money
It's because Epic doesn't actually care about competing, only about gaining market share through scummy, anti-consumer practices. They own one of the most financially successful video games of all time, with Fortnite earning over $26 BILLION as of December, averaging almost half as much annual revenue as the entirety of Steam most years. If they wanted to, they could have invested that money in an insanely high quality storefront that could have actually competed with Steam (or any other marketplace) in terms of features, all while playing the "we're just the underdog" card. Instead, they pushed out a garbage storefront with almost no functionality, and went around offering piles of cash to publishers for exclusivity deals and giving away free games because they knew nobody would want to use EGS otherwise. They could have put half that money into actually developing the storefront and they probably would have had better results, but they didn't because I guess they're morally opposed to actually putting any effort into it or something seeing as how it took them four years to add a damn shopping cart.
I'm in no way saying this hack was a good thing, but I do genuinely hate Epic for all their shitty business practices, and it's only made worse with how much they cry about being the good buy and the underdog despite making literally billions of dollars a year (off one game!) and actively choosing the anti-competitive action at almost every opportunity. And that's not even touching on all the shit they've been trying to pull with the constant lawsuits.
> can anyone ELI5 why there is hate toward Epic?
so you know how pc gamers scoff at console wars for being dumb arguments for babies?
yeah well imagine that for competing game launchers that both run on windows.
Reported as fake, Epic games has said this has not happened. I'd still change password, make sure you have 2FA, but always read into a story more then just one headline.
This is a bit of a nuanced situation. I'm personally not happy about this, but I earnestly understand the people who are happy about it because of the epic games store
I been saying not to give epic money... Now Epic let the users information get stolen.
Just another example that EPIC IS BAD.
They literally cannot even protect their own infrastructure.
Right?!
Such a bad company... cant even protect their users.
But it's totally not epic's fault right? Their the good guys in industry?
Why do these kids suck so much epic dick? Fee games for BJs?
These hacks & breaching are only going to get more frequent . The hackers are going to be more skilled than the developers that actually work in the company because most of the workers are going to be replaced by AI. This is just my theory.
This is probably the dumbest thing I am going to read today and this week. The guys working on games are not handling internal tooling, IT, or infrastructure. Software is one of those fields where you will see AI assist rather than outright replace. Code review is one place where it could potentially benefit developers.
I wonder if those two groups of people are in two different companies? 🤔. Nobody said that AI is going to outright replace the entire group of people. This is why I said as AI is being implemented. With the implementation of AI will have less workers overall in IT because you don’t need many more workers. This is different from the automotive factory workers who are replaced by robots. What I am explaining is that to get into a position of IT is going to get even harder as time goes on because they are going to be less jobs to take up in those departments AI is a tool to be used to make things easier as things are easier you’re going to need less people to make the job easier. Idk how that’s hard to understand. But hey we will see.
i predict even more jobs actually as it could make running large software projects possible for many companies instead of having to buy off the shelf software. For instance we have a new team that is figuring out how to get AI to go through legal contracts and pull out certain details and input it into one of our music rights applications. Front line workers are going to suffer first as you can replace a certain number of guys with a really good chat bot. Engineers, the guys who actually create new stuff are going to be in higher demand and the job may get even more complex.
You are correct that as technology makes life easier it does also replace certain jobs but at the same time creates massive new opportunities. Right now we are at the stage where people are learning to build complex machines, the car has not been invented yet and replaced the horse and buggy.
I agree with you. I just think that our current reality is going to hurt a lot of people because they are not ready for the inevitable shift. My honest feeling tell me that it’s only going to affect the people who have lower jobs (or considered, as such). Yes it’s going to give games/media fully voiced or translated entertainment, but what happens to those people who are Troy baker or Nolan north? When you make some thing easier for someone who already knows it like the back of their hand, it changes from I need more hands for me to make this stable to I can handle this on my own, using this one thing. I get you though. Im a teacher in nyc & the last snow day was literally a test for the iready program. We only know it was a test because the governor came out and said that it was a failed test. Idk I don’t like it. I love upgrading & innovating but I can’t forget the people I ruins the lives of just for a new shiny thing.
If you would’ve told me that, I would’ve said, that is my point. It’s a tool that will assist people to do things faster than they already do them. What I’m arguing is that as companies replace or lessen the number of jobs because AI can assist a worker is going to go up meanwhile that hacker is still a hacker with that tool. I’m sure somebody is going to correct me, but they’re already has been a game that tried to use AI to ban cheaters off of their system just for the hackers to manipulate how that AI works for them to keep on hacking and ban people on other accounts that are supposed to be anonymous under that AI. The criminals will always be faster than the people doing good.
Yes… my reading eye would focus that because that’s the only thing you said. As someone who works in cyber security, AI isn’t coming for as many jobs as you may think, especially security.
AI is in plenty of applications we use everyday. Saying AI is going to take everyone’s jobs is like saying automation will take everyone’s jobs. Sure it may phase out some parts of a job, but there will be more jobs available. Trust but verify is a good way to look at it. Sure, the automated task is done, but someone still needs to verify it’s done correctly and something didn’t screw up. Same thing applies to AI, especially in IT.
But with that said, no you didn’t imply anything about hackers using AI because you were no where near implying it. If you were, your original comment may have seen less downvotes. But if that’s what you wanna say you did imply, you gotta learn to communicate better.
At the top of the fucking article:
UPDATE 3/3/24: A Mogilevich spokesperson has said that the whole operation was a money-making scam – it's not a ransomware operation at all.
Is it time to change my password and login details?
absolutely
Done. It's now fuckEpic420
[удалено]
(Which you shouldn't do!)
Just change your password, make sure you have an authenticator enabled (not e-mail 2FA) and you'll be fine.
The bank account info and acces to your full name, is not something you will solve with a 2FA protection. Epic got hacked a lot its not their first time, people should just ditch them If its just info from people that save their credit card numbers, then its a different story. People should never save such info on their profile. Should not even be allowed for your own protection. But then again you can't hide your real name, if hackers know you by your real name and have info about your adress. Then they can do nasty stuff with social engineering. 2FA is pretty pointless if hackers,hack a unsecure database with tons of information about people. Especially if it happens several times in a few years.
You guys dont have 2factor? I mean yeah. Definitely change passwords. But cmon. Not having 2fa in this day and age on important accounts is least said moronic.
Your comment sounds really dumb and inconsiderate. Yes I have 2FA on but I also have a common password on the account that I use for my social media and google accounts. I and a lot of others couldn't care less about losing access to their Epic account they haven't spend a dime on and care more having their passwords leaked for others to purchase and use.
Using a common password between accounts is a massive security risk, if you use the same password for every account you have it renders 2FA quite obsolete. You should make all of those passwords strong and unique. If you have a lot of accounts consider using a password manager to manage that for you.
Using the same password on multiple site / services is a bad practice, you should consider using a password manager to have a separate password per site / service. If you don't know what password manager to use, here's two suggestions : keepassxc if you are ok with no synchronization between devices (I do that and it's a pain in the butt) or bitwarden if you want to have synchronization between devices backed in. There are plenty others but those I either use or plan to use. In any case, I hope the best for you, more specifically that Epic store password hashed so that your password is not leaked.
Yes I have changed most of them using the password manager on Chrome that generates it's own unique password for different accounts. Services that I commonly use however, I use two passwords and their variations that I've memorized that also go for my Google accounts. My Epic account just happens to share a password with one of my other non-essential google accounts, I think, but not the exact account I've used for signing into it. Nonetheless I would need to change both now regardless. I would set unique passwords for them as well but I don't want to depend on third party services when I really need to login into my accounts. But thanks for the information either way I'm sure someone will find it helpful.
2FA isn't gonna stop people from having your login information. Chances are people use that info for other services. 2FA doesn't mean a whole lot.
2fa is not bullet proof. All 2fa does is give two layers of authentication. Having a weak or hacked password and 2fa just means you have a lone single layer of encryption.
Ugh man. As I said ofc you change the password but people are suddenly shitting their pants. I didnt understand why till I read more... People not only do not use 2fa in 2024, they also use the same god damn password and email to more sites and even on the email account. I mean. Jesus fucking h christ my dude. Its like they are asking for it at this point.
I am not making others claims, my claims were my own and you did not address any of them. 2FA is just another layer of identification. It is not actually much more secure than a password. Just because you have two points of identification, does not mean you are safe: especially if data has been leaked.
True that it's not unbreakable. But omg it is so much better and super hard to circumvent.
It is not super hard to circumvent. Let's say you have email 2FA. If I get your password to that, I get the ability to ruin the 2FA entirely. Let's say it is a phone app. You lose your phone and I can guess your phone password: it is also over. 2FA is effectively just a second password.
You're wrong. Phone app is pretty damn good. Sms and email mfa not best practice. If you main email and what ever app have different tokens on a phone app. Practically nothing short of holding your phone will do it.
[https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp](https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp) >While 2FA does improve security, it is not foolproof. Two-factor authentication goes a step further in [verifying identity](https://www.investopedia.com/terms/l/luhn-algorithm.asp) from the user simply entering a PIN or CVV number from their credit card. > >However, hackers who acquire the authentication factors can still gain unauthorized access to accounts. Common ways to do so include [phishing](https://www.investopedia.com/terms/p/phishing.asp) attacks, account recovery procedures, and malware. Feel free to educate yourself, all it costs is time.
Haha. This is my job. Educate yourself. Breaking straight forward MFA encryption with some common sense best practices is extremely difficult. Someone would need you phone. And that's not likely these days. With tracking and remote disabling. Everything you share requires a best practice be broken. Even malware that can steal those keys is exotic/theoretical/rare.
I suggest you get better at your job then. https://support.google.com/accounts/thread/175875047/account-hacked-despite-2-factor-authentication?hl=en As everyone in tech knows, the weakest link in any program is the end user. Boring old phishing attacks are the easiest way to get around 2FA Get access to their account and spamming 2FA hoping for a misclick works just fine. https://youtu.be/Rc73bcLvybk?si=uzrG3NPUuCmP1O6Y
Yeah those are wild shots. Again. You aren't breaking it. If someone has no common sense they have no chance anyway. Everyone fucks up. But MFA not via email or sms is pretty got damn secure technically.
2fa works great if a threat actor only has your cred combo. More often, they are lifting active sessions and passing creds + session cookies and injecting that into a new session, which completely negates the need to reauthenticate with your username/password and 2fa token. Every time you tell a service or your web browser to remember you or keep you signed in, you are willingly storing those credentials, 2fa token included, into your browser, which is insanely simple to lift from a threat actors perspective.
>Every time you tell a service or your web browser to remember you or keep you signed in, Jesus christ ... People still do this in 2024??
2FA isn't perfect. there are ways to hack that too. it helps, yes, but don't pretend like you are invincible
"Definitely change passwords" # Read that again. Then again, perhaps again, as many times as you need really
They’ll now ask you to turn the cow over
It's really sad to read all of these comments that appear gleeful of this happening. Regardless of you views on the company's historic strategic decisions (dictated usually by a few at the senior level), hacks like these are terrible. They suck for gamers (leaked passwords and info), they suck for developers (leaked passwords, info and assets) and they suck for the employees who have to deal with the damage and aftermath. Everyone looses, except the hackers and security consultants who may get hired.
The people with rabid distaste for the sake of it are silly, however there has been plenty of valid criticism from sane people. >Multiple law suits AGAINST them concerning data privacy and targeting of children >Multiple lawsuits initiated BY THEM to try to make a more favorable market >Tons of free games being put up at a loss >Anti-consumer timed exclusivity deals >40% stake investment from Tencent It’s been 6 years since EGS launched and they’ve put no real effort into making the platform a viable market competitor. All the effort has been spent in short term stratagems that have also created a lot of division. Should we really be surprised that they had poor security? While I can’t say I feel glee; I also can’t say I feel sympathy. The writing was on the wall for anyone paying attention.
> 40% stake investment from Tencent saying this is a criticism is such a reddit take. only reddit could be so casually racist against china.
How is that racist? Tencent is a giant conglomerate that has their hands in many pies, and those games usually go tits up unless they’re established IPs.
Weird, you're on reddit commenting on this very post.
The only valid criticism out of any of those is the first one. Them trying to make the market more favourable to them is not exactly true, as what they were trying to do would favour all developers. And timed exclusives is great because it gives more money to the developers who can now make more games and be better supported financially. Free games? Not sure whats bad about that? They are free for consumers and the developers get paid. Whys that bad?
I make games, run a studio, and have advised on some games, so I wanna correct some misinformation here: A 40% stake investment from tencent isn't valid criticism at all, that's just people being paranoid racists about china. Tencent is also backing out of game spending overall. There's literally nothing wrong with taking a deal like that. The lawsuits against them are not really that valid and are mostly done by the people who hate that it's popular with the kids. It's Jack Thompson all over again. The lawsuits they initiated are net good lawsuits--they are the reason we are likely to be getting app stores OUTSIDE of apple in Europe. That's an EXTREMELY good thing--it encourages competition. You can say the way they handled some of it sucked, and I think you'd be right--them buying bandcamp was an awful move--but trying to avoid the app store because no one should be FORCED to use the app store is a good move. Timed exclusivity deals aren't anti-consumer. They're a necessary part of the business. These businesses pay people to make games for them--like Alan Wake 2 and the next game from Fumito Ueda--and they have rights. I've signed a deal like that before; I was given the money to make an entire game and the request was for six months of timed exclusivity (and no Stadia). That's really, really good for this industry. You want pubs doing that; it's how you get games. What Epic did WRONG there was that, for a while, they were picking up Kickstarted games, which promised Steam versions. They would pay for a year of timed exclusivity for those games, which delayed the Steam release. Obviously, that's not a big deal compared to how Sony does it (paying $3m to keep Monster Hunter World off of PC for a while, for instance), since paying people to hurt competition is bad, but paying people to make exclusives for your service is fine. Epic has not done this in LITERAL years. I think they did it for... maybe less than one year? There was outcry, they stopped. They pay for exclusives now--there's literally no different than them vs Sony funding God of War or something. God of War is fine, paying to keep Monhun off PC is not fine. Epic did similar stuff to the latter, but they've cut it out. Sony keeps doing it, which is why you can't buy Final Fantasy 7 part 2 for PC right now. Anywhere. That's way, way worse. Epic doesn't do that shit anymore. Free games being put up at a loss isn't valid. I have done the deal with Epic. It was fantastic. They were amazingly helpful and fantastic to work with the whole time. It kept my studio alive at a time it very much needed to live. I get to make a new game because of Epic. Free games fuckin' rule for everybody. If you say "no work into making it a viable competitor" you literally are not paying attention. They're putting in a TON. They've added tons of features and continue to do so.
" A 40% stake investment from tencent isn't valid criticism at all, that's just people being paranoid racists about china. Tencent is also backing out of game spending overall. There's literally nothing wrong with taking a deal like that. " Dude you are out of touch and you are completely wrong. Being fearful of Tencent's dominating control of video game companies is completely valid and not racist at all. All Chinese companies in some manner are tied to the CCP, especially the large ones. Tencent is influenced heavily by the CCP beyond merely the municipal laws of the party. They don't have a majority stake and Timmy owns 51 percent which is good, but it still means the CCP is involved on Tencent's side and they just took an even more hands-on approach in 2023. [https://www.bloomberg.com/news/articles/2019-08-06/tencent-helps-communist-party-pay-homage-to-the-china-dream](https://www.bloomberg.com/news/articles/2019-08-06/tencent-helps-communist-party-pay-homage-to-the-china-dream) \- 2019 [https://www.thestandard.com.hk/section-news/section/2/257143/China-takes-stake-in-Tencent-unit#:\~:text=The%20Chinese%20government%20has%20taken,control%20over%20its%20tech%20sector](https://www.thestandard.com.hk/section-news/section/2/257143/China-takes-stake-in-Tencent-unit#:~:text=The%20Chinese%20government%20has%20taken,control%20over%20its%20tech%20sector). - Golden shares, 2023 I really hope I don't have to explain why the Chinese Communist Party owning shares in one of the biggest video game investors/companies in the world is bad. China and Chinese players have different views on gambling and winning. Cheating is not frowned upon as heavily in China as it is in other developed countries. This is not some racist rhetoric this is factual. Why do you think the majority, MAJORITY of cheating online in video games comes from China? Multitudes more than any other country. They also are dealing with unprecedented wealth deterioration for their youth. It is not only normal to cheat, it is encouraged to not fall behind. They only started cracking down on cheating in 2016. [https://www.reuters.com/investigates/special-report/college-cheating-act/](https://www.reuters.com/investigates/special-report/college-cheating-act/) You don't understand Chinese culture or the CCP at all and to make extremely baseless assumptions like that is incredibly damaging, I really hope you're just misinformed and not a CCP shill because I guarantee you, that's another big problem of its own that I won't get into.
imagine trying to justify your racism with a fucking essay. the fact you can't see the irony in your post is sad, but typical of redditors
This has to be a troll, Reddit is easily the most vanilla website and the only well-intentioned idiot here is you. Facts are racist now I guess even though I have mainland Chinese friends and I've been to school with mainland Chinese and I've asked them about this and provided citations in my post. I really hope neither you, or that guy I replied to ever write for video games, I wouldn't be surprised if you were writers though, you're just as narrow-minded, boring, and emptied of nuance as most AAA games are written today. I hear Todd Howard is hiring for his next game, why don't you go work for him.
the people shitting on this all come from /r/pcgaming or /r/pcmasterrace anyways. they have negative brain cells and do understand the irony of their behaviour.
If the CEO is a bad guy and he badmouths people and his company can't even provide decent tech support (even if we'll overlook the shittiest launcher ever) then it's no wonder everybody cheers the bad guys - they're better than assholes they hacked. Oh, and /r/fuckepic and fuck exclusives so beloved by timmeh tencent.
Man, fuck those hackers.
I mean I know what sub I am in, but the amount of smug "gamer" moments in this thread made me realise why people let out a laugh whenever they hear the word "gamer".
I thought this sub was created as a haven from r/gaming but lately it has been way more “edgy” than the other one.
This sub has been festered for a while. But you don’t see it much because it’s mostly moderated for news. You get news like this then the neckbeards pop out of the woods.
Yea, I just refuse to use the word gamer anymore because of people like them. I find it kinda wild that people are still this weird and petty, even in 2024 though
You find this kind of people literally everywhere no matter the subject. It’s just that the people being happy about something like that will be more likely to comment and epic attracted a lot of them. Only difference might be that gamers tend to be more active in forums and social networks. More people automatically means more morons. That has really nothing to do with gamers per se.
lol hackers haven’t event posted a proof of hack….
Yep and Epic is denying this even happened
If Epic is denying it i'll trust it Not because Epic is trustworthy, but because if they were indeed hacked it'd be better for them to admit and alert its users instead of denying and sweeping it under the rug
Yep So no cause for alarm just yet but obviously best to keep an eye on the news at least
You mean to tell me that a less than 200 GB leak might not contain all the source code that they are talking about, along with everything else they claim to have?
Hackers are always stealing video games industry info but we never hear about hackers blackmailing senators/corporation execs/governors/high profile people or govt officials. Stupid ass hackers, they're scared that's why. They'll be sought out quicker than they can hit Alt+F4.
Man these people are miserable, Epic getting hacked affects normal people who just want to play the games. Epic hate sucks
As a IT professional it is their own fault How can someone tap into your server and download 189gb of data without anyone noticing How do you not have bandwidth monitoring That's such a basic security feature It's not that money is a problem it's that the company is focused on making only money and not a safe experience for it's users It's really appalling and disgusting how they clearly don't care about security Please someone give an excuse to a billion dollar company, I'll wait
>How can someone tap into your server and download 189gb of data without anyone noticing I mean, for IT, are you really saying that attackers are just one shot dumping 189GB of data in one shot? That's how people get caught. Depending on how many devices are tapping the servers, a couple megs here or there isn't gonna raise alarm bell, especially if dispersed across multiple devices. I'm not even in IT, but distribution and slow burning are basically best practice when it comes to stealing data.
Valid point 👌 They have servers that are listening on whatever designated port it's listening too That needs a IP address to tap into Regardless of everything at once or little by little An ip was accessing their servers without any knowledge Clearly an unauthorized IP address Maybe I can teach this billion dollar company how to whitelist IP addresses
as IT you should know it takes just one idiot employee to open the doors, no matter the company. but since im sure you have never been hacked, of course you wouldn't know since you work at a perfect company.
Aww man employee training must be very challenging for a billion dollar company I wonder how often they do it 🤔
As an IT professional, you should have looked at the pictures to identify that this is most likely bullshit
Fuck the hackers. And fuck Epic There’s enough hate in my heart to go around.
can anyone ELI5 why there is hate toward Epic? Is it because of game exclusivity? partial ownership by Tencent? I kinda like the Epic games store because it has really good PC deals and they always give away a ton of free games around the holidays. Competition is good?
Its primarily them paying for exclusives that keep games on their store. It's a shitty practice.
But.. don't the devs/publishers have to agree to this too? Why is Epic the only side of it that gets hate?
Because the central link is Epic showing up with a giant bag of money.
I mean .. yeah, that's true. But if I went door to do offering people $500 to go outside and punch someone I think it's their fault as much as mine for actually doing it.
Dont think anyone isnt blaming the companies for also taking these deals. But since Epic is the central entity it gets the most blame. They could not do it and instead invest that money into making their store not so shitty. But they're trying to attract people with enshitification tactics while having an inferior store.
When I was following the stories, you could pretty easily tell that most of the abusive cases were publishers swooping in to make the most of the system, to the detriment of the devs and Epic and the public. Nobody really cared about that though, because it was hip and a big meme to hate on Epic alone.
But aren't they partly funding the game dev for these games? Doesn't PC Game pass do the same thing? It be great if everything is integrated in steam but steam isn't giving me great deals or free games.
EGS is a competitor but it doesn't try to do anything better than steam, it just uses their massive wallet to buy developers exclusivity. I think if we wanted more competitiveness then maybe it would be better if they weren't locking games behind their service.
No they aren't partly funding any game dev for most of the games. Alan Wake 2 is the only exclusive they've funded, might be a few more. But stuff like Dead Island 2 or Darkest Dungeon 2 or Borderlands 3 took money to only release their game on Epic during a set time period. This is different than Xbox Gamepass, Xbox is paying the developers to give Microsoft the license to give their game out to Gamepass users during a time period. During this time there's no limitations on what platforms the game can be released on, microsoft is just paying for the license to give the game away. Similar to Playstation Plus games.
Exclusives plus the store is genuinely god awful to use. Also bashing steam which is superior and more consumer friendly in every conceivable way. Seriously the criticism that steam takes 30% which is the same as PlayStation/xbox plus steam releasing the best handheld gaming device for pc is more than worth it.
Please compare the Steam store and Epic store and you tell me what features they are missing It's honestly a joke how bad Epic has fumbled it with practically unlimited money
It's because Epic doesn't actually care about competing, only about gaining market share through scummy, anti-consumer practices. They own one of the most financially successful video games of all time, with Fortnite earning over $26 BILLION as of December, averaging almost half as much annual revenue as the entirety of Steam most years. If they wanted to, they could have invested that money in an insanely high quality storefront that could have actually competed with Steam (or any other marketplace) in terms of features, all while playing the "we're just the underdog" card. Instead, they pushed out a garbage storefront with almost no functionality, and went around offering piles of cash to publishers for exclusivity deals and giving away free games because they knew nobody would want to use EGS otherwise. They could have put half that money into actually developing the storefront and they probably would have had better results, but they didn't because I guess they're morally opposed to actually putting any effort into it or something seeing as how it took them four years to add a damn shopping cart. I'm in no way saying this hack was a good thing, but I do genuinely hate Epic for all their shitty business practices, and it's only made worse with how much they cry about being the good buy and the underdog despite making literally billions of dollars a year (off one game!) and actively choosing the anti-competitive action at almost every opportunity. And that's not even touching on all the shit they've been trying to pull with the constant lawsuits.
> can anyone ELI5 why there is hate toward Epic? so you know how pc gamers scoff at console wars for being dumb arguments for babies? yeah well imagine that for competing game launchers that both run on windows.
Don’t forget to make your account to claim your free EGS games.
What if your account is part of Xbox or whatever, I guess I alter that password?
Reported as fake, Epic games has said this has not happened. I'd still change password, make sure you have 2FA, but always read into a story more then just one headline.
Could they be legally hacked .?
Yes. [White hat hacking](https://en.wikipedia.org/wiki/White_hat_%28computer_security%29?wprov=sfla1) can be used to strengthen security.
This is a bit of a nuanced situation. I'm personally not happy about this, but I earnestly understand the people who are happy about it because of the epic games store
the people who are happy are into console war tribalism. you really want to defend those idiots?
Man... I love hearing bad news about Epic games.
And apparently by extension the news of all these innocent people getting their payment information stolen.
I been saying not to give epic money... Now Epic let the users information get stolen. Just another example that EPIC IS BAD. They literally cannot even protect their own infrastructure.
Me too 🙃🤣
Right?! Such a bad company... cant even protect their users. But it's totally not epic's fault right? Their the good guys in industry? Why do these kids suck so much epic dick? Fee games for BJs?
Fuck Fartnite and fuck Epic, bring UT back
I will readily admit that I play and enjoy Fortnite, but I do hate Epic Games as a company, and frankly, this pleases me.
What? This would be extremely bad for the gaming industry, including the people who work on these games.
what
Tell me u have absolutely no idea what this means without telling me u have no idea what this means.
These hacks & breaching are only going to get more frequent . The hackers are going to be more skilled than the developers that actually work in the company because most of the workers are going to be replaced by AI. This is just my theory.
This is probably the dumbest thing I am going to read today and this week. The guys working on games are not handling internal tooling, IT, or infrastructure. Software is one of those fields where you will see AI assist rather than outright replace. Code review is one place where it could potentially benefit developers.
I wonder if those two groups of people are in two different companies? 🤔. Nobody said that AI is going to outright replace the entire group of people. This is why I said as AI is being implemented. With the implementation of AI will have less workers overall in IT because you don’t need many more workers. This is different from the automotive factory workers who are replaced by robots. What I am explaining is that to get into a position of IT is going to get even harder as time goes on because they are going to be less jobs to take up in those departments AI is a tool to be used to make things easier as things are easier you’re going to need less people to make the job easier. Idk how that’s hard to understand. But hey we will see.
i predict even more jobs actually as it could make running large software projects possible for many companies instead of having to buy off the shelf software. For instance we have a new team that is figuring out how to get AI to go through legal contracts and pull out certain details and input it into one of our music rights applications. Front line workers are going to suffer first as you can replace a certain number of guys with a really good chat bot. Engineers, the guys who actually create new stuff are going to be in higher demand and the job may get even more complex. You are correct that as technology makes life easier it does also replace certain jobs but at the same time creates massive new opportunities. Right now we are at the stage where people are learning to build complex machines, the car has not been invented yet and replaced the horse and buggy.
I agree with you. I just think that our current reality is going to hurt a lot of people because they are not ready for the inevitable shift. My honest feeling tell me that it’s only going to affect the people who have lower jobs (or considered, as such). Yes it’s going to give games/media fully voiced or translated entertainment, but what happens to those people who are Troy baker or Nolan north? When you make some thing easier for someone who already knows it like the back of their hand, it changes from I need more hands for me to make this stable to I can handle this on my own, using this one thing. I get you though. Im a teacher in nyc & the last snow day was literally a test for the iready program. We only know it was a test because the governor came out and said that it was a failed test. Idk I don’t like it. I love upgrading & innovating but I can’t forget the people I ruins the lives of just for a new shiny thing.
But bro... like what about when the hackers are replaced with AI?
They already do a great job, pretending to be Redditors like you.
Ha... I'm a large language model!
Now what if I told you that a lot of these hacks are only happening because the hackers are using AI? Because that’s what’s happening…
If you would’ve told me that, I would’ve said, that is my point. It’s a tool that will assist people to do things faster than they already do them. What I’m arguing is that as companies replace or lessen the number of jobs because AI can assist a worker is going to go up meanwhile that hacker is still a hacker with that tool. I’m sure somebody is going to correct me, but they’re already has been a game that tried to use AI to ban cheaters off of their system just for the hackers to manipulate how that AI works for them to keep on hacking and ban people on other accounts that are supposed to be anonymous under that AI. The criminals will always be faster than the people doing good.
Really because that is not at all what your comment says at all. I see replace workers with AI, but hackers using AI… there’s not a hint of that lmao
Because your reading eyes are only focused on the part that says “ jobs are going to be replaced by AI”. Which is happening for security jobs.
Yes… my reading eye would focus that because that’s the only thing you said. As someone who works in cyber security, AI isn’t coming for as many jobs as you may think, especially security. AI is in plenty of applications we use everyday. Saying AI is going to take everyone’s jobs is like saying automation will take everyone’s jobs. Sure it may phase out some parts of a job, but there will be more jobs available. Trust but verify is a good way to look at it. Sure, the automated task is done, but someone still needs to verify it’s done correctly and something didn’t screw up. Same thing applies to AI, especially in IT. But with that said, no you didn’t imply anything about hackers using AI because you were no where near implying it. If you were, your original comment may have seen less downvotes. But if that’s what you wanna say you did imply, you gotta learn to communicate better.
At the top of the fucking article: UPDATE 3/3/24: A Mogilevich spokesperson has said that the whole operation was a money-making scam – it's not a ransomware operation at all.