Epic Games hit by 189GB hack, including login and payment info (opens in new tab)

(rockpapershotgun.com)

25 pointskuter2y ago19 comments

19 comments

I've seen this screenshot doing the rounds but the Irish Dept. of Foreign Affairs has confirmed they've seen no evidence of a breach. Not sure how common it is but perhaps just a bluff to get some Bitcoin?

TehCorwiz2y ago

7GB fits neatly on a thumb drive. Could just be a lost device.

s_dev2y ago

That would still constitue a breach. Demonstrating a breach means showing info they should absolutley not have access to.

That said such Irish systems are very imperfect e.g. low wages for IT staff and there was breach/attack of the countries hospitals systems during Covid however the gov acknowledged the attach at the time. So very much possible.

I'd need to see more evidence before I'd take this claim seriously though.

1 more reply

j452y ago

Wow.

It almost seems mandatory to use different purchasing emails to limit fall out, and a credit card layer in between like Apple/Google pay or plastiq.

unshavedyak2y ago

For almost all my signups these days i use FastMail's email alias feature (built in support in 1Pass now too). I adore it.

The moment someone comes up with that for CCs with no real downside i'm signing up for them too.

WorldMaker2y ago

Advanced Fraud Protection on the Apple Card for the CC number you type into websites changes the CVC ("three digit security code") randomly at regular intervals (I think it is at least weekly?). Also that CC number is "virtual" in that it is different than the CC number Apple Pay uses in NFC transactions and if you have the physical card different from the CC number in the magnetic stripe and different from the CC number in the EMV chip for EMV transactions. (You can't even get a CVC for any of those other numbers, so can't type them into random websites.) The entire virtual, typable CC number can also be rotated to a new CC number manually with mostly just a "button press".

Some other high end cards have also been learning from Apple Card here and moving to virtual numbers.

So far, I've seen no real downside to Apple's approach to virtual numbers and the Advanced Fraud Protection CVC rotation (which just starts to feel like a 2FA TOTP for card purchases online the way you check for the latest value after Face ID check from the app every time), and it was definitely one of the factors why I wound up signing up for Apple Card in the first place. Hopefully more of the low end cards and mainstream banks pick up the added protections, too.

1 more reply

stavros2y ago

privacy.com is that for CCs.

xyst2y ago

My card generates a new CVV every so often so this is painless.

iCloud makes it stupid simple to generate email addresses for individual services.

I do want to migrate away from Apple but for now this “just works”

johnny222y ago

fastmail has masked email and I use that pretty regularly which can do the same thing. It also apparently integrates well with existing password managers like 1password and bitwarden. I haven't used that feature myself, but maybe it would work well enough for you.

1 more reply

greenavocado2y ago

I have 800+ accounts managed with a password manager

1970-01-012y ago

croes2y ago

The hack was fake

https://news.ycombinator.com/item?id=39586495

acheron2y ago

Uh oh, do they have my payment info from when I bought Castle of the Winds?

Kluggy2y ago

What a blast from the past. That used to be my favorite game growing up. I wish it would run on modern machines semi-well.

mvdtnz2y ago

This website keeps making the claim that it's a ransomware attack, but neither the original tweet nor Epic's response seem to back that up. Looks like a run of the mill data exfiltration to me.

Also this website has the most insane cookie consent flow I've seen yet. Shameful.

1 more reply

j / k navigate · click thread line to collapse

19 comments

s_dev2y ago

TehCorwiz2y ago

7GB fits neatly on a thumb drive. Could just be a lost device.

s_dev2y ago

That would still constitue a breach. Demonstrating a breach means showing info they should absolutley not have access to.

I'd need to see more evidence before I'd take this claim seriously though.

1 more reply

j452y ago

Wow.

It almost seems mandatory to use different purchasing emails to limit fall out, and a credit card layer in between like Apple/Google pay or plastiq.

unshavedyak2y ago

For almost all my signups these days i use FastMail's email alias feature (built in support in 1Pass now too). I adore it.

The moment someone comes up with that for CCs with no real downside i'm signing up for them too.

WorldMaker2y ago

Some other high end cards have also been learning from Apple Card here and moving to virtual numbers.

1 more reply

stavros2y ago

privacy.com is that for CCs.

xyst2y ago

My card generates a new CVV every so often so this is painless.

iCloud makes it stupid simple to generate email addresses for individual services.

I do want to migrate away from Apple but for now this “just works”

johnny222y ago

1 more reply

greenavocado2y ago

I have 800+ accounts managed with a password manager

1970-01-012y ago

croes2y ago

The hack was fake

https://news.ycombinator.com/item?id=39586495

acheron2y ago

Uh oh, do they have my payment info from when I bought Castle of the Winds?

Kluggy2y ago

What a blast from the past. That used to be my favorite game growing up. I wish it would run on modern machines semi-well.

mvdtnz2y ago

This website keeps making the claim that it's a ransomware attack, but neither the original tweet nor Epic's response seem to back that up. Looks like a run of the mill data exfiltration to me.

Also this website has the most insane cookie consent flow I've seen yet. Shameful.

1 more reply

j / k navigate · click thread line to collapse