General Discussion

12058 readers

243 users here now

Welcome to Lemmy.World General!

This is a community for general discussion where you can get your bearings in the fediverse. Discuss topics & ask questions that don't seem to fit in any other community, or don't have an active community yet.

🪆 About Lemmy World

🧭 Finding Communities

Feel free to ask here or over in: !lemmy411@lemmy.ca!

Also keep an eye on:

For more involved tools to find communities to join: check out Lemmyverse!

💬 Additional Discussion Focused Communities:

!actual_discussion@lemmy.ca - Note this is for more serious discussions.
!casualconversation@lemm.ee - The opposite of the above, for more laidback chat!
!letstalkaboutgames@feddit.uk - Into video games? Here's a place to discuss them!
!movies@lemm.ee - Watched a movie and wanna talk to others about it? Here's a place to do so!
!politicaldiscussion@lemmy.world - Want to talk politics apart from political news? Here's a community for that!

Rules

Remember, Lemmy World rules also apply here.

0. See: Rules for Users.

No bigotry: including racism, sexism, homophobia, transphobia, or xenophobia.
Be respectful. Everyone should feel welcome here.
Be thoughtful and helpful: even with ‘silly’ questions. The world won’t be made better by dismissive comments to others on Lemmy.
Link posts should include some context/opinion in the body text when the title is unaltered, or be titled to encourage discussion.
Posts concerning other instances' activity/decisions are better suited to !fediverse@lemmy.world or !lemmydrama@lemmy.world communities.
No Ads/Spamming.
No NSFW content.

founded 1 year ago

MODERATORS

Jessica@lemmy.world

ElectroVagrant@lemmy.world

fubo@lemmy.world

Can I infer a breach of Epic Games payment systems? (lemmy.world)

submitted 9 months ago* (last edited 9 months ago) by s38b35M5@lemmy.world to c/general@lemmy.world

8 comments fedilink hide all child comments

I use Privacy cards for the majority of online commerce. If you aren't familiar with them, they generate one-off card numbers that obfuscate your financial details and become locked to the merchant of first use. They also can create single-use cards that deactivate after the first charge.

The card I have tied to my Epic account generated two fraudulent charges on Dec 10 at Spanish-named locations. The charges were blocked, as they didn't originate from Epic. On top of blocking the charges, Privacy deactivated the card number as they suspected fraud.

I've reached out to Epic for details, but they're just sending scripted meaningless fluff, and its been almost forty days.

Am I right to assume this means Epic was themselves the victim of some breach? I don't see any press releases or coverage of anything.

top 8 comments

sorted by: hot top controversial new old

[–] seathru@lemm.ee 13 points 9 months ago

Could be Epic, could be privacy.com, or could be malware on your system. But every time I've tried alerting places they are leaking credit card #'s, I get the runaround or ignored. So I just assume it's on my end, take the necessary precautions, and let them figure out on their own if it's their problem.

[–] stevehobbes@lemy.lol 10 points 9 months ago (1 children)

Or a breach of privacy.com’s systems, lol.

[–] phx@lemmy.ca 4 points 9 months ago (1 children)

If their systems were breached, I'd expect charge attempts against whatever cards are funding that account, not the generated card #'s.

[–] stevehobbes@lemy.lol 2 points 9 months ago* (last edited 9 months ago) (1 children)

Not if they only got log files from a period of time or something. Or they generated enough numbers that they figured out the algorithm for how privacy.com allocates and reuses numbers.

[–] phx@lemmy.ca 2 points 9 months ago

Possibly. We'll probably see if there's a pattern of compromised numbers between one or another

[–] Metacortechs@lemmy.world 10 points 9 months ago (1 children)

I cant say for certain, but I do know that it's likely card number algorithms can be compromised in one way or another. I had a credit and debit compromised one day after another, the credit card having never been used at all. I had them both cancelled and reissued immediately, and after activating the new credit card it was done again the very next day. These were from the same bank, a small credit union based in Eastern Washington.

Again, it was cancelled, they told me it was an algorithmic attack, and the next card that arrived was activated and had no further issues despite use in person and online until it expired.

Maybe they were saving face after a breach, but that kind of attack felt far more likely given my lack of usage.

[–] EurekaStockade@lemmy.world 3 points 9 months ago

Card numbers follow a stamdard format and have digits that represent the payment provider (eg Visa, Mastercard, AMEX) and the issuing credit provider, along with a checksum, but also guessing the corresponding expiry date and CVV has a vanishingly small chance.

[–] Marsupial@quokk.au 6 points 9 months ago* (last edited 9 months ago)

Depending on your country, maybe try contacting some sort of department that deals with consumer affairs?

Companies will rarely act on anything serious unless the government makes them.