Epic Games allegedly hacked by ransomware gang
The company denies evidence of breach
A ransomware gang, identifying itself as the Mogilevich group, claims to have infiltrated Epic Games' servers, gaining access to a trove of sensitive data.
Mogilevich, a Russian name, said it had exfiltrated a massive 189 gigabytes of sensitive data, including email credentials, passwords, payment details and even source code.
According to news outlet Cyber Daily, the hackers are currently advertising the pilfered data for sale on a darknet leak site, setting a deadline of 4th March for potential buyers to secure the information.
"If you are an employee of the company or someone who would like to buy the data, click on me," a hyperlink on the group's darknet leak site said.
However, take that with a pinch of salt: Mogilvich has provided no concrete evidence to substantiate its claims.
In a typical ransomware incident, the attackers present proof-of-hack materials and file examples to underscore both the severity of the breach and the stakes involved. Thus far, Mogilvich's failure to provide any evidence casts doubt on its claims.
That said, the potential ramifications of a successful ransomware attack on Epic Games are significant, given the company's vast user base and the substantial amount of payment data it holds.
If Mogilvich really has beached Epic's servers, hundreds of thousands of people's personal information may be compromised.
"Zero evidence"
Epic Games has vehemently denied the claims, saying there is no evidence of a breach.
"We are investigating but there is currently zero evidence that these claims are legitimate," Epic Games said.
"Mogilievich has not contacted Epic or provided any proof of the veracity of these allegations."
The company says it began efforts to establish communication with Mogilevich after seeing a screenshot of the dark web page promoting the alleged breach. However, it received no response, further undermining the credibility of the claims.
Cyber Daily says it reached out to a representative of the Mogilevich extortion group, asking if they could share proof of the attack.
The representative said they are demanding a ransom of $15,000 for the stolen data and would share samples only with individuals who demonstrated "proof of funds."
"For clueless and retarded journalists, I'd like to tell you that we're not asking EpicGames for $15,000 ransom, that's the price that's going to sell," the gang - apparently taking a page from the Trump/Musk media relations book - stated on its leak post, according to Cyber Daily.
"For those who are even more jerks I would like to say that the evidence is private to minimise scams, people could use the samples to impersonate my group, that's why we show the evidence to people that prove they really have the money to afford it. So, do you think it's fake? Send me a proof of funds of 15k and you'll see."
Despite the childlike nature of the post, Mogilevich has recently emerged as a notable ransomware threat; Epic Games marks its fourth alleged victim. Previously, the group has targeted Infiniti USA, a subsidiary of Nissan.
The incident comes amidst a recent surge in ransomware attacks targeting high-profile video game developers.
Notably, Insomniac Games, the studio behind PlayStation's Spider-Man, fell victim to a similar attack, resulting in the exposure of employee details and development plans when the company refused to pay the ransom.
Similarly, the 2020 Capcom hack saw confidential employee information and details of upcoming games leaked online, prompting law enforcement action against the perpetrators in October of last year.
Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.