A ransomware gang claims to have hacked Epic Games, saying it has nearly 200 gigabytes of internal data.
As reported byCyber Daily, the gang, which goes by the name Mogilevich, posted a message on its darknet leak site giving more information on its claimed leak of theFortniteandEpic Games Storecompany.
“We have quietly carried out an attack toEpic Games‘ servers,” the message reads.
It also claims to have compromised “email, passwords, full name, payment information, source code and many other data”, amounting to a total size of 189GB.
“Data is also for sale”, it says, adding a link for “an employee of the company or someone who would like to buy the data”.
Update - Epic responds28th Feb 2024 / 1:25 pm
Epic Games has provided VGC with a statement regarding this story.
“We are investigating but there is currently zero evidence that these claims are legitimate,” it says. “Mogilievich has not contacted Epic or provided any proof of the veracity of these allegations.
“When we saw these allegations, which were a screenshot of a darkweb webpage in a Tweet from a third party, we began investigating within minutes and reached out to Mogilevich for proof. Mogilevich has not responded.
“The closest thing we have seen to a responseis this Tweet, where they allegedly ask for $15k and ‘proof of funds’ to hand over the purported data.”
The gang has given a deadline of March 4 for someone to buy the data, but has not given a specific figure, nor has it indicated what it will do with the data if the deadline passes.
According to Cyber Daily, Mogilevich is a relatively new ransomware group, and Epic Games is its fourth target. The first was Nissan subsidiary Infiniti USA, which it hacked last week.
At the time of writing, the group has not released any actual proof that it has successfully hacked Epic Games.
When the Rhysida grouphacked Insomniac Games in late 2023, it followed up its claim by publishing a small amount of data online as proof, including an annotated screenshot fromInsomniac’s upcoming Wolverine game.
The group threatened to publish the stolen data within seven days, but first offered it for auction with a starting price of 50 Bitcoins (approximately $2 million). One week later, it followed through with its threat, reportedly releasing around 98% of the stolen data.
Insomniac then released a statementcalling the experience “extremely distressing” and saying it would “continue working quickly to determine what data was impacted”.
