Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label User Security. Show all posts

Epic Games Faces Alleged Ransomware Attack

 


Recently, Epic Games, the renowned publisher of Fortnite, is reportedly under threat from a hacking group named Mogilevich. However, the legitimacy of this ransomware attack is yet to be confirmed. Epic Games has stated that they are actively investigating the situation but have found zero evidence supporting the claims made by Mogilevich.

The hacking group asserts that it has nearly 200GB of sensitive data, including emails, passwords, full names, payment information, and source code. This information is claimed to be up for sale on the dark web, raising concerns about a potential security threat for many individuals. Mogilevich has set a deadline of March 4th for purchasing the data, but as of now, there is no concrete proof that they possess the stated information.

Epic Games, responsible for the popular Fortnite game, holds substantial payment data due to its Games Store and the sheer size of its user base. If the claims by Mogilevich turn out to be true, it could pose a significant risk to user privacy and security.

As of the latest update, Epic Games has not officially commented on the situation. It is crucial for users to stay informed about developments in this case.


Security Measures for Epic Games Account Holders

Taking a proactive approach, it is advisable for all Epic Games account holders to secure their accounts. Regardless of the validity of the alleged attack, changing passwords and enabling two-factor authentication (2FA) is a prudent step towards enhancing account security. Using unique passwords for different online platforms is stressed, as it mitigates risks associated with potential data breaches.


Background on Mogilevich

Mogilevich, identified as a relatively new threat by cybersecurity sources, is reportedly responsible for a limited number of attacks. Prior to the alleged targeting of Epic Games, the group targeted Infiniti USA, a subsidiary of Nissan, just over a week ago. Their tactics involve leveraging dark web platforms to sell stolen data, making it imperative for users to take precautions.

In a Tweet, Mogilevich hinted at a demand for $15,000 and 'proof of funds' to release the purported data, adding an additional layer of complexity to the situation.

The situation with Epic Games and Mogilevich highlights the increasing importance of cybersecurity in the gaming industry. While the hack remains unverified, users are encouraged to stay vigilant, update their passwords, and implement 2FA. The potential impact on users and the gaming community is substantial, emphasising the need for urgent and transparent communication from Epic Games as they navigate this security challenge.

This ongoing situation forces the broader issue of cybersecurity threats faced by prominent entities, and how imperative it is to adopt robust protective measures and user awareness in a world drowning in technology. As more information unfolds, it will be crucial for users to stay informed and take necessary actions to safeguard their online accounts.



Hacker Steals Database of Verizon Employees

 

A hacker stole a database including hundreds of Verizon workers' complete names, email addresses, corporate ID numbers, and phone numbers. By calling phone numbers in the database, Motherboard was able to confirm that at least part of the data is genuine. Four persons confirmed their complete identities and email addresses, as well as their employment at Verizon. It's uncertain whether all of the info is correct or up to date.

Another person validated the information and stated that she used to work for the company. A dozen more numbers received voicemails that included the names in the database, implying that they are also correct. Last week, the hacker contacted Motherboard to provide the information. 

The data was obtained, according to the unidentified hacker, by convincing a Verizon employee to grant them remote access to their company computer. At that time, the hacker claimed to have gotten access to a Verizon internal tool that displays employee data and to have developed a script to query and scrape the database. 

“These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support,” they told Motherboard in an online chat. The hacker stated they reached out to Verizon and shared the email that he sent to the company. 

“Please feel free to respond with an offer not to leak you’re [sic] entire employee database,” the hacker wrote in the email, according to a screenshot of it. The hacker stated they would like Verizon to pay them $250,000 as a reward. A Verizon spokesperson confirmed the hacker has been in contact with the company. 

“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further,” the spokesperson told Motherboard in an email. 

“As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.” 

While the stolen information does not include Social Security numbers, passwords, or credit card details, it is nonetheless potentially harmful. It might be beneficial for hackers who wish to target corporate employees—or mimic one while speaking with another—in order to get access to internal tools. An attack of this type would offer hackers the opportunity to impersonate Verizon personnel and, if successful, complete access to networks that would allow them to look up individuals' information and transfer their phone numbers, a practice known as SIM swapping. 

For years, hackers have gained access to victims' phone numbers, allowing them to change the target's email password, for example. As a result, the hackers get access to the victim's bank or cryptocurrency account. Hundreds, if not thousands, of people have been victimised by this type of breach in recent years. Several persons have been arrested and indicted in the United States for allegedly participating in these types of cyberattacks.