Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Laptop
Laptop
Technology
Rael Hornby

Alleged Epic Games Store hack may include passwords and payment info — should you be worried?

Epic Games Store logo with thief peeking from behind the logo with a swag bag full of data.

Epic Games Store users may want to keep their eyes peeled on a developing story that sees a dark-web ransomware group by the name of Mogilevich claiming to have stolen nearly 200GB of data from the platform including emails, passwords, full names, payment information, and source code.

News of the potential hack comes from social media site X's Dark Web Informer, a user known for providing Cyber Threat Intelligence (CTI) to the platform to spread awareness of potential breaches to consumers and businesses after threat actors reveal their actions on the Dark Web or wider internet.

Data breaches like the one Mogilevich claims to have pulled off involve threat actors gaining access to private information before holding that information to ransom, usually until a company agrees to pay them to prevent further distribution of the stolen information.

According to BleepingComputer's Lawrence Abrams, Mogilevich is looking to sell the data for just $15K, and won't be providing evidence of the breach to anyone who isn't looking to purchase the data and show "proof of funds" in the process. Abrams believes this claim sounds fishy, and he's not alone.

What does Epic Games have to say?

In a follow-up to the news of the breach, Abrams reached out to Epic Games for comment who had the following to say: "We are investigating but there is currently zero evidence that these claims are legitimate."

Epic would also go on to state that, in a move uncommon for most threat actors looking to profit from their actions, "Mogilevich has not contacted Epic or provided any proof of the veracity of these allegations."

Outlook

Mogilevich doesn't have a long and storied history of proving its claims but has been previously linked to breaches involving Ireland's Department of Foreign Affairs and Infinity USA.

As a relatively unknown group, it's somewhat of an unknown quantity in terms of being viewed as a credible threat. However, with Epic Games having found no evidence of a breach (as of the time of writing) and with such a small ransom posted for an otherwise large sampling of stolen information, it's likely that the group could be scamming companies with fake data.

Facing the negative press or stock backlash of data breaches can be enough to force the hand of certain companies into offering up the ransom to make the problem go away fast. This could be the same case here, and if so, users have very little to be concerned about.

However, as a general rule of thumb, if a service you're subscribed to is alleged to be part of a breach, no matter how credible of a threat (and in this case, it seems that Mogilevich may be telling tall tales) it's often a great reminder to refresh your passwords on these platforms to be extra vigilant against breaches.

More from Laptop Mag

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.