As everyone knows, I love me some amazing Fortnite, in which so far I’m 2 and 0. I’ve won two games and never played since. That doesn’t mean my Epic Games account isn’t valuable to me or doesn’t have a plethora of either free games or other Epic Games attached to it that I don’t value. So when I got an email saying that my password was reset and that I had successfully connected to an Xbox One – an Xbox One that I don’t own – I was concerned.
This method of attack somehow allowed someone to reset the password without going through my email – I’m assuming that they logged in via an insecure or leaked password, then changed it via the online account settings and then linked it to their Xbox One. I’m not sure why; my Epic Games account isn’t that cool, but it’s still concerning.
What To Do When You’re Hacked
So the very, very first thing you want to do is make sure that your account is ACTUALLY hacked and that the email you received is a legitimate Epic Games email. First, never click any link within the email – there is no point in trusting it AT ALL. Go to the Epic Games site and attempt to log in (again, via your own methods, not the email’s link). If you can log in, great – you likely got a phishing email. At this point, change your password (using something secure and unique to Epic Games) and, if you haven’t, enable two-factor authentication.
If you can’t get in, or if you get in and notice ANYTHING at all is wrong (accounts linked that shouldn’t be, especially fraudulent charges, etc.), or you think it’s prudent, then it’s time to contact Epic Games support. I’m not going to link directly to them; you can find it on the official Epic Games website. At this point you’re going to want to send, via a support ticket, all of the information regarding what has occurred (what emails you’ve received, what has changed in your account) and then be prepared to verify ownership.
In the case of my account, it was linked to someone’s Microsoft account. This is bad because it allows them to use the Microsoft sign-on process to get direct access into my account AND that account is the ONLY ONE FOREVER AND EVER that can link to the account unless you get support’s help.
Given the summer holiday, Epic Games had my account fixed within 5 days. I would like to highlight that the time may differ, so be prepared to be patient. Before your account gets hacked, here are some tips to avoid going through the process.
What To Do to Prevent Being Hacked
Follow this advice along with the advice on the official site:
- Use a unique password for EVERYTHING. If you can’t remember them all, use a password manager like LastPass or KeePass. Remember that your Nintendo, PS4 and Xbox accounts are all means of getting access to your Epic Games account. So if your password is weak there, that’s an avenue for them to attack.
- Enable two-factor authentication!!! FOR EVERYTHING!!! It’s annoying, but phones now make it easier than ever to automatically insert those codes you get texted, and there are tons of stylish IRL key fobs to use, plus apps and email and so many other ways that lots of services let you secure your account. Do it! It’s going to stop most attacks even if they obtain your password.
- Enable two-factor for your password app of choice!!
- Saved payment information is convenient if you make a lot of purchases, but it’s best to never save a debit card or anything that you pay your bills out of. If your account is compromised and the ne’er-do-wells buy up a ton of V-Bucks, then you could be left waiting for not only Epic to refund you but for your bank to process the refund. Add in weekends and you could be looking at a while.
- Never share your account. While often against the terms of service (and a great way to get banned), it’s also just a nightmare waiting to happen. Even with your best Internet friends that you spam the OwO and the :3 and the XD at.
- Never visit a website from an unsolicited email. I say unsolicited because you will often have to click password reset emails and that’s generally fine, but if you didn’t request it, don’t click it. Use your browser and type in the URL.
- Don’t use a search engine as a replacement for your browser’s URL bar. Malicious ads are always a risk, even though they are infrequent and search engines do an AMAZING job these days of removing them.
- Check the URL at the top and look for the lock when you log in. Epic Games will NEVER have an unsecured website for you to log in to.
Big thank you to the Epic Games support team for resolving my account issues and here’s to keeping our accounts safe!