• Light/Dark
  • Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
  • We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.

Tim Sweeney's apology email to Yves Guillemot shows a 70-90% fraudulent transaction rate on EGS for The Division 2

SteveWinwood

SteveWinwood

Member
Oct 25, 2017
18,695
USA USA USA
Thanks to strudelkuchen for pointing it out in the documents thread.

---

Dear Yves,

I'm writing to apologize for the shortcomings in our Epic Games store implementation and our Uplay integration.

In the past 48 hours, the rate of fraudulent transactions on Division 2 surpassed 70% and was approaching 90%. Sophisticated hackers were creating Epic accounts, buying Ubisoft games with stolen credit cards, and then selling the linked Uplay accounts faster than we were disabling linked Uplay purchases for fraud.

Fraud rates for other Epic games store titles are under 2% and Fortnite is under 1%. So 70% fraud was an extraordinary situation.

To stop the fraud, we disabled purchasing of Ubisoft games. We will make our best efforts to restore service as quickly as we can. This depends on (1) a real-time system for disabling refunded and fraudulent purchases on Uplay, and (2) anti-fraud improvements in Epic's service. This work will likely take at least 2 weeks to complete.

The fault in this situation is entirely Epic's, and all of the minimum revenue guarantees remain in place to ensure our performance.

I'm sorry for the trouble,

Tim Sweeney

Epic Games

---

via https://app.box.com/s/6b9wmjvr582c95uzma1136exumk6p989/file/806843549406

Kyougar said:
in picture format
eprMEhU.png
Click to expand...
Click to shrink...

The link is down now for me but I've seen it elsewhere. I'm trying to find the text to another related file about the same subject (Exhibit DX-3756) and I'll post it here when I find it.
 
Last edited:
spam musubi

spam musubi

Member
Oct 25, 2017
9,381
The wild part is "approaching 90%". 70%, but getting close to 90 to me sounds like something in the high 80s that they're trying to spin.
 
Orion117

Orion117

Prophet of Regret - A King's Landing
Member
Dec 8, 2018
3,919
I remember ubisoft games being disabled on epic. People said it was because mtx integration wasnt working.
 
Joni

Joni

Member
Oct 27, 2017
19,508
Just shitty people doing stuff like this, because they're frauding the holder of the original card, the developer and the buyer of the account.
 
spam musubi

spam musubi

Member
Oct 25, 2017
9,381
Also this, among with everything else we know about the EGS, just goes to show that epic are just not prepared or qualified (yet) to run their own store. They have a very gung ho approach to doing this all and it's clear that they're prioritizing their spending in acquiring exclusives instead of making the store better.
 
ReggieBC

ReggieBC

Attempted to circumvent ban with an alt-account
Banned
Oct 25, 2017
359
Don't see anything wrong with this email
 
Nintendo

Nintendo

Prophet of Regret
Member
Oct 27, 2017
13,387
That's a good email. Why are people trying to make everything looks bad and funny?
 
OP
OP
SteveWinwood

SteveWinwood

Member
Oct 25, 2017
18,695
USA USA USA
sir_crocodile said:
I assume people are probaly thinking about how primitive the EGS front end is and assuming the same about the backend. Need not necessarily be the case, I assume backend security was the number one priority.
Click to expand...
Click to shrink...
I'm still trying to find exhibit DX-3756 where Tim Sweeney apparently says: "Doesn't help that we don't currently verify email address or have good account security."

This was an inaccurate attribution. The person who said this was Scott Adams, someone who works on fraud with Epic. There is more information coming later in the thread.
 
Last edited:
APizzaPie

APizzaPie

Member
Oct 27, 2017
834
Reading that email stressed me out. It must have sucked to work on a fix like that under a time crunch.
 
MJForum Poster

MJForum Poster

Member
May 25, 2019
6,032
London
I would love to read a postmortem of this issue and how they fixed it. This type of stuff happens all the time when your start connecting various services and user flows built by different teams. Companies spend a ton of trying to catch and prevent fraud in real time
 
boi

boi

Member
Nov 1, 2017
1,769
The real news is the scale of the hack I would say. The email is just what one business person would write to another in this situation to remediate.
 
Lashley

Lashley

<<Tag Here>>
Member
Oct 25, 2017
60,112
MoosGoMoo said:
The scale needed to prompt this email obviously implies it was on a large-scale, which no, most kids can't do.

Don't let facts get in the way of snark though.
Click to expand...
Click to shrink...
Lots of people did it, it wasn't a small group ffs

There were reddit posts with guides about it, but yeah, "sophisticated hackers" did it

Don't let facts get in the way of snark though.
 
elenarie

elenarie

Game Developer
Verified
Jun 10, 2018
9,841
MJForum Poster said:
I would love to read a postmortem of this issue and how they fixed it. This type of stuff happens all the time when your start connecting various services and user flows built by different teams. Companies spend a ton of trying to catch and prevent fraud in real time
Click to expand...
Click to shrink...

Yea for big projects companies usually hire penetration testing specialists before launch, that focus entirely on finding security holes for whatever the product / service is. But it is a whole different story when you open something to the mercy of the internet. :D
 
OP
OP
SteveWinwood

SteveWinwood

Member
Oct 25, 2017
18,695
USA USA USA
More screencaps from the email chain about this issue from Epic internally (Read from the bottom up because emails):


hGCt58z.jpg

M3fI8X9.jpg


The general update of where they were with the issue and some goals:

HaiFfjs.jpg
 
You must log in or register to reply here.