Several reports are circulating about a claim from the newly surfaced hacker collective Mogilevich, alleging a breach of Epic Games’ servers. The group asserts that it accessed a substantial cache of internal data held on the company’s systems, with figures approaching 200 GB and including items such as payment details, user credentials, emails, and source code. These assertions come from Cyber Diary, which summarizes the hackers’ statements and motives.
According to the attackers, they successfully penetrated Epic Games’ infrastructure and retrieved a broad set of data, including payment information, email addresses, user passwords, source code, and other sensitive materials. At this stage, no independent evidence has been presented to verify the breach, and the attackers have not released verifiable samples to confirm that the breach occurred. Typically, cybercriminals release portions of seized data to prove the act of hacking and to demonstrate the existence of the stolen files.
The hackers claim they offered the stolen data for sale and pressed Epic Games to pay a ransom by a stated deadline in order to avoid data ending up in third-party hands. The group did not specify what would happen after March 4 or the tainted price tag for nearly 200 GB of data.
Epic Games has not issued a public statement confirming or denying the incident. The absence of a formal confirmation makes it difficult for users to assess the veracity of the claims, and the company has not disclosed any breach-related details through official channels.
The Mogilevich group remains obscure online and appears to have emerged only recently. Its notoriety in the cybercrime landscape is still limited, and the group has not established a consistent track record of public statements or credible leaks.
Earlier disclosures by the same group reportedly included data related to popular Sony PlayStation titles, suggesting a broader focus on high-profile gaming ecosystems. Analysts advise caution and emphasize the importance of independent verification before drawing conclusions from unverified hacker postings.
For users and enterprises in Canada and the United States, this situation highlights several security considerations. Organizations should review access controls, monitor for unusual authentication activity, and ensure that payment processing and user data are protected by strong encryption and robust incident-response plans. Consumers should enable multi-factor authentication where available, watch for credential-stuffing attempts, and monitor account activity for unfamiliar logins or suspicious payment records. In any case, official statements from Epic Games or credible security researchers should be prioritized over unverified claims from new hacker groups.