No announcement yet.

Protecting Your Epic Account

This topic is closed.
This is a sticky topic.
  • Filter
  • Time
  • Show
Clear All
new posts

    Protecting Your Epic Account

    With the growth of Fortnite, our development community has seen an increase in attempts by hackers to gain access to Epic accounts. This is something that we at Epic take very seriously. Our customer service teams are working tirelessly to assist everyone who has reached out about their account security, and those response times may be delayed. We are actively working on solutions to mitigate security breaches and enhance our security measures. Part of this requires your involvement in your account security, and we have outlined steps you can take to protect yourself below.

    Shared Passwords

    Though it’s common to use the same password across multiple Internet sites, this is a dangerous practice and should be avoided. If one of those sites is compromised, hackers can use your email and password from that site to break into your account on other sites using the same password.

    Here’s what happens: Attackers frequently download password dumps - lists of username/password combinations -from third party sites and use credential stuffing to find out what other websites those credentials work on. When they are successful at logging in to those accounts, they see what trouble they can create for the account holder.

    How Do I Know If I’m At Risk?

    There is a fantastic web service (Have I Been Pwned) that will let you search your email address and determine if it has been part of any data breaches. If it has, you should assume that the password associated with that service is public knowledge and change all accounts that use it (not just your Epic account!)

    Even if your account information hasn’t been publicly identified as leaked, it’s possible that it may be leaked in the future, so there are steps that you can do to help protect yourself against that. You can start by signing up for the Have I Been Pwned notification service so you’re immediately alerted if your email is ever included in future dumps.

    What Are We Doing To Help?

    At Epic, we’ve been working hard to try to hunt down password dumps in order to proactively reset passwords for player accounts when we believe they are leaked online. While this approach involves a lot of manual work on our side, we believe that it prevents a significant amount of fraud. However, this approach doesn’t find every impacted account, or you might have created your Epic account after we checked a particular password dump.

    As a result, we’re working to further automate our process to check our account database against password dumps to close the gap on identifying impacted users and resetting their passwords. We’ve also enabled multi-factor authentication, which provides players with additional security options. The process to enable multi-factor authentication is described in greater detail further down in this article.

    Use Unique Passwords

    We recommend using unique passwords as a way to protect yourself from credential stuffing attacks. Having a unique password for every service will guarantee that one compromised account won’t lead to everything you own being stolen.

    Of course, it can be hard to remember so many different passwords. Consider using a password manager to help. Using a password manager, you can generate a unique password for every service and only remember a single strong password (for the password manager).

    Link Your Social Accounts For Extra Security

    Recently, we rolled out support to integrate Facebook and Google logins with our Epic account system. This provides you several advantages.

    First, you can log in without needing to use your Epic password, as long as you’re actively logged in to Facebook or Google on your browser. You’ll receive a login prompt asking you to authorize the activity and then will be let straight in.

    Second, you can always use these login methods to regain access to the account in the event that it is locked due to invalid passwords. Due to the additional security measures provided through Google and Facebook login, you can set correspondingly more secure passwords for your Epic account and then not worry about using them due to the pass-through authentication with Google and Facebook.

    Install And Update Antivirus

    While antivirus and antimalware products won’t solve every problem, they will help keep your computer safe from a lot of threats. Epic doesn’t endorse any particular product, but you can view a list of options here along with the various features of each. Keeping your computer clean of unwanted software will again minimize the number of ways your account can be compromised.

    Keep Your Computer Up To Date

    You should always keep your operating system, installed software, and drivers as up to date as possible. Small bugs from outdated drivers or software can result in performance issues or other game stability issues while missed security updates could compromise your entire computer. Epic always recommends updating to the latest secure versions of software and operating systems.

    Don’t Trust Shared Systems

    Logging in from a shared computer (cyber cafes, libraries, a friend’s house, etc.), introduces additional risk. Only log in on shared systems controlled by people you trust. Just by logging into your account on a shared system, your credentials could be stolen and you have no real insight into how secure those machines are.

    If you’ve used an untrusted shared machine in the past, we recommend changing your password to ensure that it’s not compromised. If you play on a shared machine on a regular basis, it is critical that you use a unique password for your Epic account and make sure to log out of the launcher when finished each time.

    Enable Multi-factor Authentication When Possible

    We’ve added Two-Factor Sign In to provide an additional security measure for your account. If you opt into Two-Factor Sign In, we will send you an email with a code after you enter your password. Enter the code from the Epic email sent to you, and then you will be logged into your account. You will be prompted for the two-factor sign in code the first time you login after enabling the feature if you use a new device, clear browser cookies, or it’s been over 30 days since you last signed in.

    To opt into Two-Factor Sign In, go to your Account Settings and click on the Password & Security tab. Scroll to the bottom and click the Enable Two-Factor Sign In button.

    Please note that your email must be verified before you can enable this feature.

    Marketplace Sellers MUST have Multi-factor Authentication enabled

    Verify Email Address

    While it is currently optional, we ask that you please verify your e-mail address associated with your Epic account. This will help protect your account when we implement multi-factor authentication and make it easier for Player Support to contact you in the event of any anomalous activity with your account.
    Last edited by Kalvothe; 04-03-2018, 05:49 PM.


    Its nice to read it. But if somebody stole another account, what should I do?

    Month ago, somebody stoled my previous account, stripped connections to another accounts and changed paswords. When I try to reset my password, I will not receive any email, even if your site says it was sent and i had verified email (****** I send immediately email to help and nothing... I send in last month 6 emails to support and help and nothing! 0 answers. I even send email from my second adress, to be sure if im not in your spam... and still nothing.

    So I had to start with new account, because Unreal Engine did not allow me to save anything without login. Even if somebody have aces to my personal information, there is no support. So i blocked credit card for shure and i am still waiting...

    So what people can do if something like this happens? Is there any support?

    I ask, because there is couple threads with same problem
    Last edited by N_ck-cz; 07-23-2018, 09:54 PM.


      Though it’s common to use the same password across multiple Internet sites, this is a dangerous practice and should be avoided. If one of those sites is compromised, hackers can use your email and password from that site to break into your account on other sites using the same password.


        Originally posted by loginshack

        [REMOVED] is a professional hacking Service.
        * Hack into FACEBOOK and EMAIL ACCOUNTS
        * Hack into CRAIGSLIST and remove account flagging
        * Hack into any BANK WEBSITE
        * Hack into any COMPANY WEBSITE
        * Hack into any GOVERNMENT AGENCY WEBSITE
        * Hack into any DATA BASE
        * Hack PAYPAL ACCOUNT
        * Hack WORD-PRESS Blogs
        * SERVER CRASHED hack
        * Untraceable IP etc

        Its not April 1st...
        Last edited by Stephen Ellis; 07-25-2018, 11:36 AM.
        "A little bit of nonsense now and then is cherished by the wisest men..."
        -- Willy Wonka

        Smooth Zoom Camera Plugin for 4.24 here.



          In August 2016. :-) But it is my fault. I did not change it very much. But i had unique password for this site.

          Finally i reach help. How?
          (For someone it may be useful)

          I send email immediately on:
          - nothing. Ok. This adress is not monitored. (i received this email)

          So i try this:

          contact / unable to login into account (of course, because somebody change my password and i cant reset my password, because i received every emails from Epic except email for resseting my password )
          - I described the whole situation, but ticket was closed automatically and email told me, that i should reset my password and enable 2FA on your account.. At the end of the message:
          "We are marking your case as resolved. However, if you are still experiencing issues or have further questions, please do not hesitate to reopen your ticket by replying to this message!"
          So i replied couple times and nothing. I received only automatic respond with creating and closing my ticket. And its send from support email without ticket number.

          i tried "account compromise/unautorize purchase"
          There was somebody alive finally (after month and half). So i send him copy of one of my invoice and requested information.
          But i didnt solve anything. I described the whole situation again and guy only send me email for resetting my password. But i didnt receive any emails to reset passwords... again. Though I tried to solve this with my email provider couple weeks ago and setup email address exception...

          I contacted provider of my email today. They told me, that email from help was not sent and Epic should check server configuration. And i received another email from help:
          "You may want to change your email for you to receive the email verification and password reset."
          How i could do that without acess to this (my previous) account? (i think its some kind of test of my personal behavior tree or something)

          (Point is... prevention is good but it is related with help).

          I think there is also an obligation for the entity who handles personal information base on data protection law. If someone loses an account with personal details, it can not be the smash from the table. Even if he had a password "123" and does not remember all requested information for resetting his password
          Last edited by N_ck-cz; 07-27-2018, 10:51 PM.


            Epic wants us to verify our email account. How do I do that if the system won't send out any emails? I had to create a new account just to post this as the system is broken and I can no longer access my main account. The various support emails are also all either automated or monitored, so I see no way of resolving any issues with compromised accounts.

            I literally have no idea of how to resolve my account problems, other than posting in this thread. A new post by me outlining my account issues is not showing on the board either (presumably it's under review), so how the hell do I talk to a human to fix my broken account? None of the steps listed by OP will workf or me, as their system doesn't send out emails.

            Very frustrating.
            Last edited by temporaryacct; 08-25-2018, 01:25 PM.


              hi epic games thank for everything


                Hey epic I really need to protect my account so could I do that please and I would really love the boogie down emote


                  Hey love the game keep at it and this well be the number one game for a while


                    How do you people find this forum, then this thread, go through the entire registration process and decide to post stuff that's not only unrelated to the thread but the entire forum?


                      Originally posted by DamirH View Post
                      How do you people find this forum, then this thread, go through the entire registration process and decide to post stuff that's not only unrelated to the thread but the entire forum?
                      I think it's weird bot or organised troll effort, the posts are nearly identical and done very close to each other. I also see that most of them have been removed by now.


                        I hope you guys will be number 1 for a while cause fortinite is my favorite game in the world and I hope you guys will continue on making games that everybody enjoys and loves


                          I need boogydown


                            Thank you ver much


                              We need to build a wall between UE4 and Fortnite. When Fortnite's player base spills over into here, they aren't sending their best...

                              Check out my discord ->

                              Follow us on twitter to get updates on new products and special offers ->

                              Black Fang Technologies' products ->