The report comes from Cyber Daily, who also broke the news of last year’s confirmed hack attack on Insomniac Games. The site claims that new ransomware group Mogilevich are the culprits, as per the screencap of a darkweb posting above, and that the hackers are now trying to get Epic or another party to pay up for the return of the data, with a deadline of 4th March.

Epic, however, say that they’ve yet to see any proof that a ransomware attack has taken place. “We are investigating but there is currently zero evidence that these claims are legitimate,” a spokesperson told Eurogamer this morning.

  • Risk@feddit.uk
    link
    fedilink
    English
    arrow-up
    44
    arrow-down
    1
    ·
    9 months ago

    In the situation that payment details are leaked - I presume one must cancel the associated card?

    • Fredselfish@lemmy.world
      link
      fedilink
      English
      arrow-up
      72
      arrow-down
      3
      ·
      9 months ago

      Good thing Epic doesn’t have my card information because I only use it for the free games. Now if this was steam I be worried.

      • 9715698@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        9 months ago

        It’s almost surprising, for good shitty EGS is, that they don’t makes you save a payment method to check out the free games.

      • Risk@feddit.uk
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        I’m not sure if I’ve ever entered mine either. I ought to go check…

        • Blackmist@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          I can’t see any listed in the Manage Payment Management section.

          I assume I never saved them, when I bought Outer Wilds years ago.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      56
      arrow-down
      1
      ·
      9 months ago

      No, when you store your card, it doesn’t actually store the whole card details. It communicates with the payment processor and when the card is approved, it gets back a token that says “this card is valid”, so in the future they just have to send that token and the payment processor says “yup I know the card you’re talking about”.

      At least that’s how it’s supposed to be. You’re really not supposed to store card info yourself.

      • mox@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        27
        ·
        9 months ago

        That’s the ideal, but not always the case. Last time I read the PCI rules, merchants could (still) handle/store card details just as they could before the hands-off approach existed; it just required someone to attest that precautions were taken. I’m sure you can guess how foolproof that is.

      • mnemonicmonkeys
        link
        fedilink
        English
        arrow-up
        19
        arrow-down
        2
        ·
        9 months ago

        At least that’s how it’s supposed to be. You’re really not supposed to store card info yourself.

        Don’t forget that we’re talking about a company that took 3 years to add a shopping cart to their store

        • BURN@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          9 months ago

          Mine was too. We still had a couple systems using the old methods, but mostly had moved to the token system.

          You also just get laid off? They took out ~50% of the payments department at my last job

      • piecat@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        2
        ·
        9 months ago

        Just don’t use a debit card?

        Credit cards have all sorts of consumer protections if the card gets stolen.

    • Carighan Maconar@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      3
      ·
      9 months ago

      Hrm, depends. Usually in modern online payment systems it should be impossible for the debitor to have the CVC of the card and hence leaked information could not make actual payments from it, but it could spam the card’s number with bogus payments to continuously keep it being blocked.

      In any case if you’re affected I would recommend asking your bank how to proceed, just to be on the safe side.

      • webhead@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        9 months ago

        That’s not a requirement. You can make payments without one though the odds of approval aren’t great. If the actual real card numbers got leaked, you need to cancel that card. Also if they actually leaked REAL card numbers, Epic is going to be in deep shit with the card brands.

        This article has no real details though so we’ll see. I kind of doubt this is legit.

        • dai@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          9 months ago

          I guess the answer is money, but why would you do any handling of card details in-house. Having a third party process transactions passes to some degree ensuring security onto said third party.

          I’d still doubt any risk of full card details being leaked unless the hack goes much deeper than just Epic.

      • elvith@feddit.de
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        9 months ago

        On the other hand, when steam had a leak a few years ago (where you could see other people’s account details after logging in instead of yours) my credit card got exchanged automatically by the bank, as they saw that I had used it to buy games on steam - even though in this „leak“ only the last 4 digits were leaked and nothing more

    • HeyJoe@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      4
      ·
      9 months ago

      For me I started using a service called Privacy a few years ago and haven’t looked back so far. It’s changed how I handle all online transactions. It let’s you create virtual cards that are either good once or forever and once it’s used by that merchant it’s tied to them. So if someone ever did try to charge you that wasn’t that exact merchant it gets blocked. You can set daily, and monthly limits as well and pause the card or close it whenever. So I would use this virtual card for the payment on epic and then this happens and all I do is close it out and open a new one. So far I did have 1 place that had my card charged from a place that wasn’t them. The cool part is you know who almost screwed you because of the card thats being used. It was a local pizza place and I called to let them know they probably got hacked.