That 189GB Epic Games "hack" may have been a scam aimed at other hackers

Last week's alleged Epic Games hack was a scam, so-called "ransomware" group Mogilevich have confessed, or at least, are reported to have confessed in a self-congratulary new statement. The group have not, it now seems, stolen a bunch of login data, WIP software and payment information from the creators of Fortnite; they were only pretending to have done so with a view to duping other hackers into buying their tools.

Or at least, that's what they're said to be saying now. I haven't tracked down the original source for Mogilevich's latest statement, and in any case, anything you read from a self-described "professional fraudster" should probably be treated with caution. Still, it lines up with Epic's own comments last week that there was no real sign that a hack had taken place.

To catch you up, Cyber Daily shared news of the alleged hack last Wednesday 28th February. It was reported that 189GB of data had been stolen, with Mogilevich demanding $15,000 for the data's return or purchase by another party. Epic, however, swiftly interjected that there was "zero evidence that these claims are legitimate", and it seems they were on the money.

"Unfortunately this link led you to an important announcement of our business instead of evidence of a breached database," reads a Mogilevich statement that surfaced without direct attribution over the weekend, and was again passed on by Cyber Daily. "You may be wondering why all this, and now I'm going to explain everything you need. In reality, we are not a ransomware-as-a-service, but professional fraudsters.

"None of the databases listed in our blog were as true as you might have discovered recently," the post continues. "We took advantage of big names to gain visibility as quickly as possible, but not to fame [sic] and receive approval, but to build meticulously our new trafficking of victims to scam."

The statement frames the whole thing as an advertisement for fake ransomware infrastructure tools, and proceeds to gloat about having already tricked a number of other hackers. It concludes: "Now the real question is? Why confess all this when we could just run away? This was done to illustrate the process of our scam. We don't think of ourselves as hackers but rather as criminal geniuses, if you can call us that."

It's a dog-eat-dog world on the darkweb, evidently. But exactly which dog is eating which dog, and what should you, a passing tabby cat, do to ensure you aren't set upon and mauled? I've asked Epic for comment. In the meantime, I would definitely change your login details if you haven't already.