Epic Games has reportedly found no clear evidence on the recent claim that its company servers have been breached. A claim made by a relatively new hacking group named Mogilevich.
In a statement made to Bleeping Computer, the Fortnite-creator stated that the business is investigating, but there is presently no indication that these accusations are true.
Epic noted, however, that when the company read these claims, which included an image of a dark web webpage in a Tweet, the business launched an investigation within minutes and contacted Mogilevich for verification.
(Photo: ANDREW CABALLERO-REYNOLDS/AFP via Getty Images)
This illustration picture shows the logo from Epic Games displayed on a laptop and an Apple Logo on an iPhone in Arlington, Virginia on April 30, 2021.
Mogilevich did not answer. The closest the company has seen to a response is the aforementioned Tweet, where they purportedly ask for $15,000 and 'proof of finances' to pass out the bogus data.
Mogilevich, a ransomware gang, recently claimed to have hacked into Fortnite producer Epic Games and stolen 189GB of data, which included "emails, passwords, full names, payment information, source code," and other information.
Sources indicates that a Mogilevich official confirms that the data is now for sale and has given Epic Games a payment deadline of March 4. However, it has not requested a precise sum, provided confirmation of the compromised data, or said what would happen if Epic Games does not comply.
The hacker organization claims to have already shared samples of the supposed stolen material with three individuals who provided evidence of payment.
Epic Games' Past Cybersecurity Incident
Epic Games was once found to have a cybersecurity vulnerability last November 2018, wherein Check Point security experts discovered flaws in Epic Games' website, allowing prospective hackers to access people's Fortnite accounts without requiring a password.
Once the researchers gained access to the hijacked accounts, they discovered that they could listen in on friends' discussions and use the victims' credit card information to buy in-game products.
Mogilevich's Other Alleged Victims
Mogilevich is a relatively young extortion outfit that claims to have violated several companies, including Ireland's Department of Foreign Affairs DFA and Infinity USA.
Multiple sources have already reported that Ireland's Department of Foreign Affairs says there was no proof of any breach of its IT systems. Mogilevich stated it is selling 7GB of hacked DFA papers. The organization did not present any proof to back up its accusations of having violated the department.
Unlike other extortion gangs, Mogilevich does not disclose stolen data samples and claims to exclusively sell to verified purchasers. Because of this lack of evidence, many security researchers reportedly think that the threat actors are aiming to defraud buyers by providing false data.
There are reportedly several signs that the Mogilevich group is not genuine. Unlike the extortion sites utilized by established ransomware-as-a-service gangs, Mogilevich's website is poorly built.
The group also wants a $1,000 payment from potential affiliates, which is likely to arouse intense suspicion among skilled scammers.
The threat actors also claim to be a Ransomware-as-a-Service operation, inviting other hackers to assist them in exchange for a functional ransomware encryptor and negotiation panel. When an affiliate launches an assault and a ransom is paid, the affiliate and operators divide the cash according to specified percentages.
Related Article: MGM Resorts Cyberattack: State and Federal Regulators Launch Probe $100 Million Data Breach
