UPDATE: Epic has issued a statement to various websites, all of which received the same reply.
“We are investigating but there is currently zero evidence that these claims are legitimate,” an Epic Games spokesperson told Eurogamer this morning.
“[Ransomware group] Mogilievich has not contacted Epic or provided any proof of the veracity of these allegations. When we saw these allegations, which were a screenshot of a darkweb webpage in a Tweet from a third party, we began investigating within minutes and reached out to Mogilevich for proof. Mogilevich has not responded. The closest thing we have seen to a response is this Tweet, where they allegedly ask for $15k and ‘proof of funds’ to hand over the purported data.”
ORIGINAL STORY: I’ll preface this article by advising you to change your Epic Games Store login details and to keep a careful eye on any payment methods you have linked to the store as well, just in case this the claims discussed below have any merit.
A bunch of morons by the name Mogilevich are claiming to have hacked the Epic Games Store and grabbed 189gb of data which includes “email, passwords, full name, payment information, source code and many other data”.
Epic themselves have yet to comment.
As reported by Cyber Daily, the group is new to the hacking scene and is offering to sell the data to anyone interested, including Epic themselves. No price was given however, nor has the group offered any proof that they actually have anything of value. It could simply be a scam intended to scare companies into paying the ransom, or it could be legitimate.
When Insomniac were hacked in late 2023, the group responsible quickly posted a chunk of the data as proof that what they had was real. The data was bought by various people and organisations and spread across the Internet, resulting in a massive amount of information about Insomniac, Sony and other studios becoming public information.
Mogilevich claims to have attacked 3 other organizations before this, starting with Infiniti USA. They also claim to have breached Ireland’s Department of Foreign Affairs and is currently selling that data as well. According to Mogilevich, the Infiniti USA data has been sold, and based on their wording it seems as thought it was not Nissan (who own the brand) who purchased the data.
As for the name of this hacking group, it is mostly likely taken from Semion Yudkovich Mogilevich, a man called “the most powerful and dangerous gangster in the world” by the FBI. His list of crimes is longer than I care to type out, so if you’re interested there are plenty of articles about him.
Bleepingcomputer Editor in Chief Lawrence Abrams says the group is looking for “15k” for the data and doesn’t seem inclined to believe the hack is real.
Mogilevich tells me they are selling the data for 15K and will not provide proof of the breach unless you are looking to purchase it and show “proof of funds.”
Doesn’t feel real. https://t.co/zTts0Zklfb
— Lawrence Abrams (@LawrenceAbrams) February 27, 2024
https://platform.twitter.com/widgets.js
Cybersecurity analyst Dominic Alvieri doesn’t put much stock in the claims, either. Writing on X, he said “The last ‘breach’ of Epic Games was fake and nearly the exact same data size and also claiming source code. This group has not provided one bit of data for proof, no ioc, no nothing.”
True or not, it will do absolutely no harm to change your Epic password and keep a careful eye on any of your payment information tied to the store.