The company is working to remove these profiles.
Back in 2018, some users found that when they tried to register an Epic Games account, they were denied, because their mail was somehow tied to an existing profile.
On April 12, Epic Games told Kotaku that the cause of the problem is still a continuing cyber attack, and the company has been working for some time to remove fake accounts linked to someone else’s mail.
As one of the users told Kotaku, his friend’s account, who also faced a problem, was named tNpPldH7g. Apparently, profiles are not created manually, but by bots.
We found an attack in which Epic accounts are created using well-known addresses through a botnet network numbering more than 500 thousand devices. We are in the process of deleting these profiles and adding additional verification steps during the account creation steps.
from the letter Epic Games for Kotaku
According to some users, they often receive letters to their address asking them to confirm their mail, although they have not created an account.
What the attack organizers are trying to achieve is unclear. Kotaku journalists contacted two former hackers of Fortnite accounts, and they also could not explain why anyone would need it.
On April 12, users also discovered that a list of data to 597 Fortnite accounts, including mail, password and skins, which are open in the profile, appeared in the network. Reddit users began to suspect that the internal system of Epic Games accounts was hacked, but the company’s engineer explained in his answer that this was not the case.
The account system used by Fortnite and Epic Games has not been hacked. Individual accounts were compromised as a result of numerous hacker attempts to gain access to Epic Games profiles using a combination of email addresses and passwords merged through security gaps in other sites.
Profiles that use the same email addresses and passwords as hacked sites are vulnerable to this attack.
Always use a separate password. In addition to this, the use of multi-factor authentication will increase the level of protection.
Epic Games engineer
Apparently, a cyber attack through a botnet and the list of data from other sites that appeared on the network are not connected in any way.