Epic Games have announced that they plan to increase the security on the Epic Store after several claims that using the service had put several people at risk, despite Epic stating that they have not been hacked. The first step being taken is advising users of the Epic Store to use a unique password, especially if your e-mail address has been hacked before. In a press release about their login system Epic said:
"This account system has never been compromised. However, specific individual Epic accounts have been compromised by hackers using lists of email addresses and passwords leaked from other sites which have been compromised."There has also been an apparent attack on the system where a botnet has been used to create millions of accounts using previously leaked e-mail addresses, preventing certain people from making a new Epic Store account. The company has been working to delete these bot-created accounts, but they have said that any user creating a new account who find their e-mail address already in use can simply reset their password to claim it for themselves.
As well as the advice on compromised and unique passwords the Epic Store will soon be receiving an update which enabled multi-factor authentication when logging in from a new device or after a period of account inactivity. The multi-factor authentication (MFA) will be supported via both e-mail and an app and will provide users with a unique code they must enter to authorise a new login. There are also plans to add text message-based MFA in the near future.
Epic has also said that they will be monitoring accounts for any passwords that have been leaked in the past and locking them until the owner can reset the password. As part of this scheme, they have also begun checking new passwords against the pwned passwords list (v4.0) and preventing the use of any password which appears to have been hacked before. As well as the previously discussed methods Epic has claimed that they also use automatic detection of compromised accounts and lock them, again requiring a password reset from the real user before being allowed access once again. Over the next few months, they hope to increase these methods of automatic detection to catch even more hacked accounts.
What do you think about the upgrades in security? Does this make you more likely to create an Epic Games account? Let us know in the comments!