[=PolyPixel3D;706819]
Hey, I thought I could chime in. Since its my post and security breach that caused all this concern.
I have 2 accounts. One using my support email, and another using gmail. The gmail was just my personal one i used to log into the launcher, the support is my seller account with all the important stuff.
Sunday morning at 5:13 I got 2 emails chains from both each separately saying this message:
*MagicWolf replied:
*Hello ,
Thanks for contacting Epic Games Player Support. Your email address has been updated per your request. Please don’t hesitate to contact us again if you run into any problems or questions.
This apparently was in response to an original message of just:
*
Original message
** ** wrote:
*case number #670365
Both email chains were identical, with the same case#. And one came minutes after the other. And soon after both of accounts emails were switched, 2 new accounts were made using my support and gmail.
And in both email chains, the message seems to be just ‘sent’ to my support and gmail. I checked my gmail and my hosting emails sent, nothing was sent from my emails as far as I can tell. And if it was, the only thing they messed with was just the Epic account? They could have done a LOT more harm if they had those emails, than just switching my paypal over. So I dont know what exactly happened on Epics side, but I dont think it was my email being compromised and making the request. I could be wrong, if so, id like to see the emails sent to Epic to confirm thats the case, and then id have a new bag of issues to deal with. haha
The issue was quickly resolved. One purchase was made on the account(and refunded). They switched over my paypal. Epic froze everything. Remedied the situation. And im very grateful to the team at how fast they responded. I do agree, whatever mess led to this, could have been avoided with a bit more stringent security policy. I am always in favor of more preventative measures than reactionary ones.
I never meant to throw Epic or anyone under the bus with my post, I just saw some scary stuff going down with OurMine on my account, and knew they hacked into the Unity servers only a week or two ago. So I just wanted to alert everyone of my unfortunate situation and maybe catch the issue early if it was indeed a bigger issue. Which is wasnt.
[/]
For reasons you outline here, I also don’t buy into the whole “they hacked your email” argument. Chiefly because the modus operandi in that situation is not only to change the passwords of the email (which apparently didn’t happen?), but as you said to do far more damage than just changing details on one account associated with that email. I understand that Epic doesn’t want to admit any culpability in this given how Sony was recently taken to the bank in a class action lawsuit over their negligence in protecting user information. Like you I’m not looking to throw Epic under the bus over this, but the safety of sensitive information needs to be of paramount importance - far and above their concerns for possible litigious blow back which is what these comments smell of.** Just put securities in place so this doesn’t happen again, this needs to be prioritized - not coming later in the year. ** Also this had nothing to do with logins, I’m not sure why we keep going back to that. A process needs to be put in place [MENTION=14973][/MENTION]; for Epic Support to be able to verify a person’s identity when they are requesting changes be made to an account they aren’t clearly linked to.
As for verifying their claims that the email came from your account, you should ask that they present you with evidence of that to review. I’m assuming you checked your sent folder given you were absolutely sure it didn’t come from you, but you can also contact the support line of your email host and get them to present you with a copy of every email you sent during the time period - or better yet get Epic to provide you with the dates/times that it was allegedly sent from your account. (This is assuming people will suggest you were hacked, and then the sent emails were deleted. Your email host will be able to provide you with them if that is the case.)
@SteveElbows also raises a point about the possibility spoofing the address. Every trail needs to be followed in order to properly ascertain what the precise cause was so that sufficient measures can be taken to prevent it from happening again.