Epic Games ransomware attack: Company responds to claims of breach

Sayem Ahmed
Epic games logo on background of laptop with code

Fortnite creator Epic Games has denied claims that it has suffered from an 189GB ransomware hack that contains sensitive data by hacking group Mogilevich.

Fortnite creator Epic Games is one of the biggest game developers and publishers in the world, and they have officially denied claims that they suffered from a ransomware hack. The hacking group behind the alleged data theft is named Mogilevich.

The hacking group is also behind several other high-profile heists over the past few days, with the group also allegedly extorting data from Infiniti USA and Bazaarvoice over the past week. The stolen data from Epic Games is currently up for sale on the dark web, and allegedly contains the following: “email, passwords, full name, payment information, source code and many other data included.”

Considering the volume of data stolen, this breach could contain sensitive information about customer accounts, in addition to data about Fortnite and other Epic Games titles. This kind of breach isn’t entiely unheard of, with Insomniac Games also suffering from a large-scale data breach in December 2023.

Epic responds to claims of data breach

Epic has officially responded to our request for comment on the breach, stating that the company is “investigating but there is currently zero evidence that these claims are legitimate.” The statement continues to say that the hackers have not contacted Epic, or provided any proof that a hack has even taken place.

Disputed claims over breach


It is unclear if Mogilevich has announced this for clout, or if the data leak is verified and real. Infosec expert and cybersecurity analyst Dominic Alvieri claims that news of the breach is false, as the ransomware group has not provided any proof of actually breaching Epic Games, as he posted on his Twitter / X account.

Lawrence Abrams, infosec expert weighs in, claiming that the group is demanding “15K” for the data, and will not provide proof of the breach itself unless you have intent to purchase in addition to proof of funds available.

Posted to underground site TOX, the ransomware attack is targeting Epic itself too, as text reads: “If you are an employee of the company or someone who would like to buy the data, click me.” This kind of ransomware attack can only be verified by Epic themselves, whose security experts should be able to sniff out if any data has been intercepted or stolen.

As Epic has officially responded, stating that these claims are not legitimate, it may be possible that Mogilevich is in this just for clout, aiming to scam eager buyers of the data out of cash.