Epic Games hit by 189GB hack, including login and payment info
rockpapershotgun.com
I've seen this screenshot doing the rounds but the Irish Dept. of Foreign Affairs has confirmed they've seen no evidence of a breach. Not sure how common it is but perhaps just a bluff to get some Bitcoin?
7GB fits neatly on a thumb drive. Could just be a lost device.
That would still constitute a breach. Demonstrating a breach means showing info they should absolutely not have access to.
That said, such Irish systems are very imperfect, e.g. low wages for IT staff, and there was a breach/attack of the country's hospital systems during Covid; however, the gov acknowledged the attack at the time. So very much possible.
I'd need to see more evidence before I'd take this claim seriously though.
But it's easily a breach that you don't notice. Does the organization track every time a file is copied, moved, or transmitted? How many lost thumb drives are there? Laptops with sensitive data have turned up on auction sites before: https://www.nytimes.com/2020/03/17/world/europe/germany-miss...
https://arstechnica.com/information-technology/2017/10/man-f...
Wow.
It almost seems mandatory to use different purchasing emails to limit fall out, and a credit card layer in between like Apple/Google pay or plastiq.
For almost all my signups these days I use FastMail's email alias feature (built in support in 1Pass now too). I adore it.
The moment someone comes up with that for CCs with no real downside I'm signing up for them too.
Advanced Fraud Protection on the Apple Card for the CC number you type into websites changes the CVC ("three digit security code") randomly at regular intervals (I think it is at least weekly?). Also that CC number is "virtual" in that it is different than the CC number Apple Pay uses in NFC transactions and if you have the physical card different from the CC number in the magnetic stripe and different from the CC number in the EMV chip for EMV transactions. (You can't even get a CVC for any of those other numbers, so can't type them into random websites.) The entire virtual, typable CC number can also be rotated to a new CC number manually with mostly just a "button press".
Some other high end cards have also been learning from Apple Card here and moving to virtual numbers.
So far, I've seen no real downside to Apple's approach to virtual numbers and the Advanced Fraud Protection CVC rotation (which just starts to feel like a 2FA TOTP for card purchases online the way you check for the latest value after Face ID check from the app every time), and it was definitely one of the factors why I wound up signing up for Apple Card in the first place. Hopefully more of the low end cards and mainstream banks pick up the added protections, too.
Also Apple offers the privacy emails as well, though I don't recall if that's via Apple One or whatever that subscription is called.
As much as I prefer Android because it doesn't take 32 taps and swipes to do each thing compared to iPhone, the integration on the Apple side for things like these is what's keeping iPhone in my life.
I once saw a phone case that let you carry an Android phone and iPhone back to back. Today maybe it's more possible with remote access or an emulator.
privacy.com is that for CCs.
My card generates a new CVV every so often so this is painless.
iCloud makes it stupid simple to generate email addresses for individual services.
I do want to migrate away from Apple but for now this “just works”.
Fastmail has masked email and I use that pretty regularly which can do the same thing. It also apparently integrates well with existing password managers like 1Password and Bitwarden. I haven't used that feature myself, but maybe it would work well enough for you.
Both of these options are usable for the many and not the few.
Solutions will still require some level of buy-in/commitment to a platform for most users.
I have 800+ accounts managed with a password manager.
Login and payment info tells me this hack is not likely. Maybe a few accounts were sprayed.
The hack was fake
Uh oh, do they have my payment info from when I bought Castle of the Winds?
What a blast from the past. That used to be my favorite game growing up. I wish it would run on modern machines semi-well.
This website keeps making the claim that it's a ransomware attack, but neither the original tweet nor Epic's response seem to back that up. Looks like a run of the mill data exfiltration to me.
Also this website has the most insane cookie consent flow I've seen yet. Shameful.