Epic Games Company Cyber Security Posture
epicgames.comFounded in 1991, Epic Games is a leading interactive entertainment company and provider of 3D engine technology. Epic operates Fortnite, one of the worldโs largest games with over 350 million accounts and 2.5 billion friend connections. Epic also develops Unreal Engine, which powers the worldโs leading games and is adopted across industries such as film and television, architecture, automotive, manufacturing, and simulation. Through Unreal Engine, Epic Games Store, and Epic Online Services, Epic provides an end-to-end digital ecosystem for developers and creators to build, distribute, and operate games and other content. Epic has over 40 offices worldwide with headquarters in Cary, North Carolina.
Epic Games Company Details
epic-games
10686 employees
777346.0
none
Computer Games
epicgames.com
Scan still pending
EPI_9930560
In-progress
Epic Games Risk Score (AI oriented)Between 200 and 800
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Epic Games Global Score.png)
Epic Games Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 200 and 800 |
Epic Games Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Unreal Engine | Breach | 100 | 5 | 08/2016 | UNR211631522 | Link | |
Rankiteo Explanation : Attack threatening the organization's existenceDescription: The hackers infiltrated the systems of Unreal Engine by SQL injection vulnerability which allowed the hacker to get access to the full database. A hacker has stolen thousands of forum accounts associated with Unreal Engine and its maker, Epic Games. The hacker acquired usernames, scrambled passwords, email addresses, IP addresses, birthdates, join dates, their full history of posts and comments including private messages, and other user activity data from both sets of forums. They immediately investigated the incident and took preventive steps. | |||||||
| Epic Games | Cyber Attack | 100 | 6/2025 | EPI601061625 | Link | ||
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Stormous, a hacker collective, has been leveraging cyberattacks as political acts, targeting high-profile entities such as ministries, regions, and major economic players like Epic Games. Their strategy involves stealing data and then blackmailing the victims with the threat of publication. This tactic not only seeks financial gain but also aims to destabilize targeted organizations, making each attack a significant threat to both financial and reputational stability. | |||||||
| Epic Games | Data Leak | 60 | 4 | 12/2022 | EPI32022123 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The fined Epic Games, the video game company behind Fortnite, was fined $520 million by the US Federal Trade Commission (FTC) for non-compliance with the Children's Online Privacy Protection Act (COPPA). Epic Games have to pay $275 million for violating COPPA and another $245 million in refunds for tricking users into making unwanted charges and, changing the default privacy settings. The company intentionally stored personal information, such as names and emails, of its Fortnite subscribers, including minors. With this data, the firm monitors their activity within the game. In the case of minors, Epic Games did not have parental consent. | |||||||
| Epic Games | Data Leak | 85 | 3 | 08/2016 | EPI2054291023 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The Epic Games forums were compromised, exposing 808,000 Unreal Engine and Unreal Tournament forum accounts' salted passwords. Email addresses, birth dates, and private messages are among the information taken from Epic Games. Security experts have expressed dissatisfaction with the degree of security put in place to safeguard customers' data. In response, the firm has stated that it would not be forcing account resets because passwords on the Unreal forums were not compromised. Additionally, the Facebook access tokens that were stored in the database for individuals who logged in using their social account were accessible to the attackers. | |||||||
Epic Games Company Subsidiaries
Founded in 1991, Epic Games is a leading interactive entertainment company and provider of 3D engine technology. Epic operates Fortnite, one of the worldโs largest games with over 350 million accounts and 2.5 billion friend connections. Epic also develops Unreal Engine, which powers the worldโs leading games and is adopted across industries such as film and television, architecture, automotive, manufacturing, and simulation. Through Unreal Engine, Epic Games Store, and Epic Online Services, Epic provides an end-to-end digital ecosystem for developers and creators to build, distribute, and operate games and other content. Epic has over 40 offices worldwide with headquarters in Cary, North Carolina.
Access Data Using Our API
Get company history
Rapid.png)
Epic Games Cyber Security News
Epic Games sues Google, Samsung over โAuto Blockโ mobile cybersecurity feature
Auto Block is a cybersecurity setting in Samsung devices that promises to protect users from malicious apps. When enabled, the feature blocksย ...
Ninth Circuit Should Stop โRivals-Protection Racketโ in Epic Games Case Against Google
American antitrust law is not designed to penalize success or help the government's preferred competitors. It focuses on practices thatย ...
Epic Games Stores to Require 2FA when Claiming Free Games
When other stores chose to implement two-factor authentication, the measure applied to all the users and logins, but Epic Games is not doing the same.
Please Read the Epic Games Privacy Policy
This privacy policy describes the different ways we may collect, use, and share information on, through, or in connection with the Epic Services.
Epic Games kicks off plan to add third-party games to own mobile store
"Fortnite" maker Epic Games said on Thursday it will add 19 third-party games to its own marketplace app on Google's Android globally and 16ย ...
Google Doubles Down On Sideloading Warning In Response To Epic Games
It has been clear that Google is heading in this direction, but now we have been left in no doubt given public statements from one of Google'sย ...
Alleged Epic Games Store hack may include passwords and payment info โ should you be worried?
Epic Games Store users may want to keep their eyes peeled on a developing story that sees a dark-web ransomware group by the name of Mogilevichย ...
The Epic Games breach was actually a scam
Though malicious groups in the past have had success targeting gamers and game companies, this particular breach, it turns out, was part of aย ...
Epic Games hit with class action suit over Fortnite security breach
Epic has fixed the issue, but the suit states that Epic failed to notify affected players and Fortnite users 'have suffered an ascertainableย ...
Epic Games Similar Companies
Keywords Studios
We provide creative services to the global video games industry and beyond through our end-to-end platform, supercharged by our own technology. Our goal is to help you imagine more for your IP, bringing to life digital content that entertains, connects, and educates people worldwide.โ โ Established
Ubisoft
Ubisoftโs 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich playersโ lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassinโs Creed, Far Cry,
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Epic Games CyberSecurity History Information
How many cyber incidents has Epic Games faced?
Total Incidents: According to Rankiteo, Epic Games has faced 4 incidents in the past.
What types of cybersecurity incidents have occurred at Epic Games?
Incident Types: The types of cybersecurity incidents that have occurred incidents Data Leak, Breach and Cyber Attack.
What was the total financial impact of these incidents on Epic Games?
Total Financial Loss: The total financial loss from these incidents is estimated to be $0.
How does Epic Games detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures with No forced account resets.
Incident Details
Can you provide details on each incident?
Incident : Double Extortion
Title: Stormous Cyberattacks
Description: L'ADN de Stormous ne se rรฉsume pas ร la seule recherche de profit. Depuis le dรฉbut du conflit ukrainien, le collectif affiche ouvertement son soutien ร Moscou, en transformant chaque cyberattaque en acte politique. Cette stratรฉgie de double extorsion, qui se matรฉrialise par le vol de donnรฉes d'abord et chantage ร la publication ensuite, vise autant l'enrichissement que la dรฉstabilisation. Les cibles choisies ne sont en plus jamais anodines. On y retrouve des ministรจres, des rรฉgions, mais aussi gรฉants รฉconomiques comme Coca-Cola, Volkswagen ou Epic Games.
Type: Double Extortion
Threat Actor: Stormous
Motivation: Financial Gain, Political Motivations
Incident : Data Breach
Title: Epic Games Forum Breach
Description: The Epic Games forums were compromised, exposing 808,000 Unreal Engine and Unreal Tournament forum accounts' salted passwords. Email addresses, birth dates, and private messages are among the information taken from Epic Games. Security experts have expressed dissatisfaction with the degree of security put in place to safeguard customers' data. In response, the firm has stated that it would not be forcing account resets because passwords on the Unreal forums were not compromised. Additionally, the Facebook access tokens that were stored in the database for individuals who logged in using their social account were accessible to the attackers.
Type: Data Breach
Incident : Data Privacy Violation
Title: Epic Games Fined for COPPA Violations and Unwanted Charges
Description: Epic Games, the video game company behind Fortnite, was fined $520 million by the US Federal Trade Commission (FTC) for non-compliance with the Children's Online Privacy Protection Act (COPPA). The company has to pay $275 million for violating COPPA and another $245 million in refunds for tricking users into making unwanted charges and changing the default privacy settings. The company intentionally stored personal information, such as names and emails, of its Fortnite subscribers, including minors. With this data, the firm monitors their activity within the game. In the case of minors, Epic Games did not have parental consent.
Type: Data Privacy Violation
Threat Actor: Epic Games
Motivation: Financial Gain
Incident : Data Breach
Title: Unreal Engine Forum Data Breach
Description: Hackers infiltrated the systems of Unreal Engine by exploiting an SQL injection vulnerability, gaining access to the full database and stealing thousands of forum accounts associated with Unreal Engine and its maker, Epic Games.
Type: Data Breach
Attack Vector: SQL Injection
Vulnerability Exploited: SQL Injection Vulnerability
Threat Actor: Hacker
Motivation: Data Theft
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through SQL Injection Vulnerability.
Impact of the Incidents
What was the impact of each incident?
Incident : Double Extortion EPI601061625
Data Compromised: True
Incident : Data Breach EPI2054291023
Data Compromised: email addresses, birth dates, private messages, Facebook access tokens
Systems Affected: Unreal Engine and Unreal Tournament forums
Brand Reputation Impact: negative
Incident : Data Privacy Violation EPI32022123
Financial Loss: ['$275 million for COPPA violation', '$245 million in refunds']
Data Compromised: Names, Emails
Legal Liabilities: COPPA Violation
Incident : Data Breach UNR211631522
Data Compromised: usernames, scrambled passwords, email addresses, IP addresses, birthdates, join dates, post history, comments, private messages, other user activity data
Systems Affected: Forum Systems
What is the average financial loss per incident?
Average Financial Loss: The average financial loss per incident is $0.00.
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are email addresses, birth dates, private messages, Facebook access tokens, Personal Information, usernames, scrambled passwords, email addresses, IP addresses, birthdates, join dates, post history, comments, private messages and other user activity data.
Which entities were affected by each incident?
Incident : Data Breach UNR211631522
Entity Type: Company
Industry: Gaming
Customers Affected: Thousands
Response to the Incidents
What measures were taken in response to each incident?
Incident : Data Breach EPI2054291023
Remediation Measures: No forced account resets
Data Breach Information
What type of data was compromised in each breach?
Incident : Double Extortion EPI601061625
Data Exfiltration: True
Incident : Data Breach EPI2054291023
Type of Data Compromised: email addresses, birth dates, private messages, Facebook access tokens
Number of Records Exposed: 808,000
Data Encryption: ['salted passwords']
Personally Identifiable Information: email addresses, birth dates
Incident : Data Privacy Violation EPI32022123
Type of Data Compromised: Personal Information
Sensitivity of Data: High
Personally Identifiable Information: True
Incident : Data Breach UNR211631522
Type of Data Compromised: usernames, scrambled passwords, email addresses, IP addresses, birthdates, join dates, post history, comments, private messages, other user activity data
Number of Records Exposed: Thousands
Sensitivity of Data: High
Data Exfiltration: True
Data Encryption: Scrambled Passwords
Personally Identifiable Information: usernames, email addresses, IP addresses, birthdates, join dates
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: No forced account resets.
Ransomware Information
Was ransomware involved in any of the incidents?
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident?
Investigation Status
What is the current status of the investigation for each incident?
Incident : Data Breach UNR211631522
Investigation Status: Investigated and Preventive Steps Taken
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach UNR211631522
Entry Point: SQL Injection Vulnerability
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Data Breach UNR211631522
Root Causes: SQL Injection Vulnerability
Additional Questions
General Information
What was the amount of the last ransom demanded?
Last Ransom Demanded: The amount of the last ransom demanded was True.
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Stormous, Epic Games and Hacker.
Impact of the Incidents
What was the highest financial loss from an incident?
Highest Financial Loss: The highest financial loss from an incident was ['$275 million for COPPA violation', '$245 million in refunds'].
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were email addresses, birth dates, private messages, Facebook access tokens, Names, Emails, usernames, scrambled passwords, email addresses, IP addresses, birthdates, join dates, post history, comments, private messages and other user activity data.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Unreal Engine and Unreal Tournament forums and Forum Systems.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were email addresses, birth dates, private messages, Facebook access tokens, Names, Emails, usernames, scrambled passwords, email addresses, IP addresses, birthdates, join dates, post history, comments, private messages and other user activity data.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 808.0M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was True.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $520 million.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigated and Preventive Steps Taken.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an SQL Injection Vulnerability.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
