Since the staff pulled out of Discord recently, I felt it necessary to post this here so that they can become aware of this.
PolyPixel reported on Discord the other day that his account was compromised, and that his payout information was changed. He initially assumed he was the victim of hacking, but today informs us that it was Epic who granted this individual control over his account. According to him, someone asked Epic support to change the email address of his account and then proceeded to modify his account details. This is a SERIOUS offense, as the seller portal to which they were able to gain access contains our banking, tax and address information.
And if that isn’t troubling enough, my question is how did Epic allow a total stranger to change his email to theirs through support without going through any verification of identity? He was only alerted to it after seeing Epic emails claiming to have completed his requests - when he made none. It cannot be overstated how serious this is, to allow someone access to sensitive personal information like this. On a somewhat related note, just the other day it was reported that the May Day sale email didn’t BCC the recipient list, and apparently everyone who received the email had their address revealed. I personally didn’t see this on my end, but several others have confirmed it on theirs.
Something needs to be done to protect user accounts better than they are right now, especially seller accounts as they contain very sensitive information. This is completely unacceptable.
Here are screengrabs of the Discord conversations for reference: