With the growth of Fortnite, our development community has seen an increase in attempts by hackers to gain access to Epic accounts. This is something that we at Epic take very seriously. Our customer service teams are working tirelessly to assist everyone who has reached out about their account security, though response times may be delayed. We are actively working on solutions to mitigate security breaches and enhance our security measures. Part of this requires your involvement in your account security, and we have outlined steps you can take to protect yourself below.
Shared Passwords
Though it’s common to use the same password across multiple Internet sites, this is a dangerous practice and should be avoided. If one of those sites is compromised, hackers can use your email and password from that site to break into your account on other sites using the same password.
Here’s what happens: Attackers frequently download password dumps (lists of username/password combinations) from third-party sites and use credential stuffing to find out what other websites those credentials work on. When they are successful at logging in to those accounts, they see what trouble they can create for the account holder.
How Do I Know If I’m At Risk?
There is a fantastic web service (Have I Been Pwned) that will let you search your email address and determine if it has been part of any data breaches. If it has, you should assume that the password associated with that service is public knowledge and change the password on all accounts that use it (not just your Epic account!).
Even if your account information hasn’t been publicly identified as leaked, it’s possible that it may be leaked in the future, so there are steps that you can take to help protect yourself against that. You can start by signing up for the Have I Been Pwned notification service so you’re immediately alerted if your email is ever included in future dumps.
What Are We Doing To Help?
At Epic, we’ve been working hard to try to hunt down password dumps in order to proactively reset passwords for player accounts when we believe they are leaked online. While this approach involves a lot of manual work on our side, we believe that it prevents a significant amount of fraud. However, this approach doesn’t find every impacted account, or you might have created your Epic account after we checked a particular password dump.
As a result, we’re working to further automate our process to check our account database against password dumps to close the gap on identifying impacted users and resetting their passwords. We’ve also enabled multi-factor authentication, which provides players with additional security options. The process to enable multi-factor authentication is described in greater detail further down in this article.
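The dump-matching process described above can be sketched as follows. This is an added example, not Epic's code: it assumes accounts are stored as salted PBKDF2-HMAC-SHA256 hashes and that a dump uses the common email:password line layout; the function names and all sample data are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # low so the example runs fast; an assumption, not a recommendation

def hash_password(password, salt):
    """Assumed storage scheme: salted PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_account(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

def parse_dump(lines):
    """Yield (email, password) pairs from 'email:password' lines; skip malformed ones."""
    for line in lines:
        # Split on the first ':' only, because passwords may contain ':' themselves.
        email, sep, password = line.rstrip("\r\n").partition(":")
        if sep and "@" in email and password:
            yield email.strip().lower(), password

def accounts_to_reset(accounts, dump_lines):
    """Return the emails whose leaked password still matches the stored hash."""
    flagged = set()
    for email, password in parse_dump(dump_lines):
        record = accounts.get(email)  # None when the leaked address has no account here
        if record and hmac.compare_digest(
                hash_password(password, record["salt"]), record["hash"]):
            flagged.add(email)
    return flagged

# Constructed sample accounts, keyed by lower-cased email.
ACCOUNTS = {
    "alice@example.com": make_account("hunter2"),        # reused the leaked password
    "bob@example.com": make_account("x7!Lq-unique"),     # unique password
    "carol@example.com": make_account("pass:word"),      # leaked password contains ':'
}
# Constructed dump lines.
DUMP = [
    "Alice@Example.com:hunter2\n",
    "bob@example.com:letmein\n",
    "carol@example.com:pass:word\n",
    "dave@example.com:qwerty\n",
    "not-a-credential-line\n",
]

if __name__ == "__main__":
    print(sorted(accounts_to_reset(ACCOUNTS, DUMP)))
```

Only accounts whose current password verifies against the leaked one are flagged, so a player who already uses a unique password is not forced through a reset.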
Use Unique Passwords
We recommend using unique passwords as a way to protect yourself from credential stuffing attacks. Having a unique password for every service will guarantee that one compromised account won’t lead to everything you own being stolen.
Of course, it can be hard to remember so many different passwords. Consider using a password manager to help. Using a password manager, you can generate a unique password for every service and only remember a single strong password (for the password manager).
Link Your Social Accounts For Extra Security
Recently, we rolled out support to integrate Facebook and Google logins with our Epic account system. This provides you several advantages.
First, you can log in without needing to use your Epic password, as long as you’re actively logged in to Facebook or Google on your browser. You’ll receive a login prompt asking you to authorize the activity and then will be let straight in.
Second, you can always use these login methods to regain access to the account in the event that it is locked due to invalid passwords. Due to the additional security measures provided through Google and Facebook login, you can set correspondingly more secure passwords for your Epic account and then not worry about using them due to the pass-through authentication with Google and Facebook.
Install And Update Antivirus
While antivirus and antimalware products won’t solve every problem, they will help keep your computer safe from a lot of threats. Epic doesn’t endorse any particular product, but you can view a list of options here along with the various features of each. Keeping your computer clean of unwanted software will again minimize the number of ways your account can be compromised.
Keep Your Computer Up To Date
You should always keep your operating system, installed software, and drivers as up to date as possible. Small bugs from outdated drivers or software can result in performance issues or other game stability issues, while missed security updates could compromise your entire computer. Epic always recommends updating to the latest secure versions of software and operating systems.
Don’t Trust Shared Systems
Logging in from a shared computer (cyber cafes, libraries, a friend’s house, etc.) introduces additional risk. Only log in on shared systems controlled by people you trust. Your credentials could be stolen just by logging into your account on a shared system, and you have no real insight into how secure those machines are.
If you’ve used an untrusted shared machine in the past, we recommend changing your password to ensure that it’s not compromised. If you play on a shared machine on a regular basis, it is critical that you use a unique password for your Epic account and make sure to log out of the launcher when finished each time.
Enable Multi-factor Authentication When Possible
We’ve added Two-Factor Sign In to provide an additional security measure for your account. If you opt into Two-Factor Sign In, we will send you an email with a code after you enter your password. Enter the code from the Epic email sent to you, and then you will be logged into your account. You will be prompted for the Two-Factor Sign In code the first time you log in after enabling the feature, if you use a new device, if you clear browser cookies, or if it’s been over 30 days since you last signed in.
To opt into Two-Factor Sign In, go to your Account Settings and click on the Password & Security tab. Scroll to the bottom and click the Enable Two-Factor Sign In button.
Please note that your email must be verified before you can enable this feature.
Marketplace Sellers MUST have Multi-factor Authentication enabled
Verify Email Address
While it is currently optional, we ask that you please verify your e-mail address associated with your Epic account. This will help protect your account when we implement multi-factor authentication and make it easier for Player Support to contact you in the event of any anomalous activity with your account.