about 5 years ago - Epic Security - Direct link
If anyone besides you has gained access into your Fortnite Account, it is highly recommended that you take action immediately to protect your account.

What should I do if my Fortnite account has been hacked or compromised?

Changing your password is the first thing you should do if your account has been hacked or compromised. When you change it, anyone signed into the Epic Games website via your account will be logged out from the website. To change your password, take the following steps:
 
  • Log in to your account.
  • Go to your “Account” page.
  • Select “Password & Security.”
  • Change your password in the “Change Your Password” section.

For the security of your account, you should choose a password unique from those of your other online accounts.

I’ve changed my password. Now what?

Next, if applicable, you should unlink your connected console account(s). When you unlink these, anyone signed into a console game via your account will be logged out from the game. To unlink your connected console account(s), take the following steps:
 
  • On your “Account” page, select “Connected Accounts.”
  • Select “Disconnect” for all of your connected console accounts (Xbox, PlayStation Network, and/or Nintendo Switch).

After logging out anyone who may have been signed into your account, you should take the following steps to make sure no one besides you logs into your account again: 
 
  • Enable Two-Factor Authentication on your account. (For instructions on how to enable this option, click here.) 
  • Remember to keep your password a secret.

What if someone besides me has already changed my password?

If someone besides you has already changed your password, you may still be able to log into your account. To log in in this scenario, take the following steps:
 
  • Select “Forgot Your Password?” on the “Sign In” page.
  • Enter the email address you most recently associated with your account.
  • Check the inbox of that email address for an email containing instructions on how to reset your password. If you do not see the email, check your junk/spam folder.
  • Follow the instructions for changing your password.

What if I don’t receive an email containing instructions for changing my password?

You may be in one of these situations that prevent you from receiving the email:
 
  • You lost access to the email account tied to your Epic Games account.
  • Someone besides you changed the email address associated with your Epic Games account.
  • Your Epic Games account has been deactivated or banned.

No matter why you didn’t receive the email, you should contact Epic Games for help. To get help from Epic Games regarding your account, take the following steps:
 
  • Go to: https://www.epicgames.com/site/customer-service
  • Select “Epic Account.”
  • Select “Contact Us.”
  • Make sure the first drop-down menu of the contact form is set on “Epic Accounts.”
  • Fill out the rest of the contact form with the necessary information concerning your case.
    • Be sure the email address you enter is one you have access to.
    • Describe your inquiry as “Hacked Account / Unauthorized Purchase” in the last drop-down menu.
  • Select “Submit.”

After submitting the contact form, you will receive an email from Epic Games to the email address you entered in the form. Because each person’s case is different, the wait time for this email varies.

Account Security Bulletin

Epic Games is providing this bulletin to explain what we're doing when it comes to security and how to best secure your Epic account and other accounts.

Shared Passwords

Though it’s common to use the same password across multiple Internet sites, this is a dangerous practice and should be avoided. If one of those sites is compromised, hackers can use your email and password from that site to break into your account on other sites using the same password.

Here’s what happens: Attackers frequently download password dumps - lists of username/password combinations -from third party sites and use “credential stuffing” to find out what other websites those credentials work on. When they are successful at logging in to those accounts, they see what trouble they can create for the account holder. In many cases, that appears as fraudulent V-Buck purchases.

Fake Fortnite Offers

We’ve seen several instances of account theft and fraud related to websites that claim to provide you free V-Bucks, Cosmetics or the ability to share or buy accounts. Please never share your Epic account details with anyone. Epic will never ask you for your password. Groups claiming to provide special Fortnite deals this way are fraudulent.

How Do I Know If I’m At Risk?

There is a fantastic web service Have I Been Pwned that will let you search your email address and determine if it has been part of any data breaches. If it has, you should assume that the password associated with that service is public knowledge and change all accounts that use it (not just your Epic account!).

Even if your account information hasn’t been publicly identified as leaked, it’s possible that it may be leaked in the future, so there are steps that you can do to help protect yourself against that. You can start by signing up for the Have I Been Pwned notification service so you’re immediately alerted if your email is ever included in future dumps.

What Are We Doing To Help?

We’ve been working hard to hunt down password dumps in order to proactively reset passwords for player accounts that may have been leaked online. This approach involves a lot of manual work on our side but we believe that it prevents a significant amount of fraud.

Unfortunately, this approach does not find every impacted account, because of this we are constantly working to automate and streamline our process for finding and resetting impacted accounts.

Good Security Practices

Use Unique Passwords

We recommend using unique passwords as a way to protect yourself from credential stuffing attacks. Having a unique password for every service will guarantee that one compromised account won’t lead to everything you own being stolen. Of course, it can be hard to remember so many different passwords.

Consider using a password manager to help. Using a password manager, you can generate a unique password for every service and only remember a single strong password (for the password manager).

Link Your Social Accounts For Extra Security

We offer support to integrate Facebook and Google logins with our Epic account system. This provides you with several advantages.

First, you can log in without needing to use your Epic password, as long as you’re actively logged in to Facebook or Google on your browser. You’ll receive a login prompt asking you to authorize the activity and then will be let straight in.

Second, you can always use these login methods to regain access to the account in the event that it is locked due to invalid passwords. Due to the additional security measures provided through Google and Facebook login, you can set correspondingly more secure passwords for your Epic account and then not worry about using them due to the pass-through authentication with Google and Facebook.

Install And Update Antivirus

While antivirus and antimalware products won’t solve every problem, they will help keep your computer safe from a lot of threats. Epic doesn’t endorse any particular product, but you can view a list of options here along with the various features of each. Keeping your computer clean of unwanted software will again minimize the number of ways your account can be compromised.

Keep Your Computer Up To Date

You should always keep your operating system, installed software, and drivers as up to date as possible. Small bugs from outdated drivers or software can result in performance issues or other game stability issues while missed security updates could compromise your entire computer. Epic always recommends updating to the latest secure versions of software and operating systems.

Don’t Trust Shared Systems

Logging in from a shared computer (cyber cafes, libraries, a friend’s house, etc.), introduces additional risk. Only log in on shared systems controlled by people you trust. Just by logging into your account on a shared system, your credentials could be stolen and you have no real insight into how secure those machines are. 

If you’ve used an untrusted shared machine in the past, we recommend changing your password to ensure that it’s not compromised. If you play on a shared machine on a regular basis, it is critical that you use a unique password for your Epic account and make sure to log out of the launcher when finished each time.

Enable Two-Factor Authentication 

Two-factor authentication adds an extra layer of complexity to your account security, this makes it much more difficult for someone to gain unauthorized access. Get protected now.

Be sure to also protect your accounts for other services too! This site will let you review different services and see which support it.

Additional Information

Don’t Share Accounts

While sometimes you might struggle to complete that quest and would love for a friend or family member to help, we encourage you not to share your account information with others. Any actions committed on your account are your responsibility. If someone cheats on your account and it is banned, it is your responsibility as the account holder.

Don’t Buy Accounts

Sometimes, people get tired of a game and want to quit - and would like to get something for the time they’ve invested in the game. As a result, they’ll list their accounts online. While you might be tempted to purchase one and gain access to the sweet skins they have, please don’t. As the original account creator, they are likely in possession of significant facts that may enable them to recover the account through our Player Support process (such as transaction history, address history, etc.) by claiming you stole the account.

There’s No Such Thing As A Free V-Buck

We know there are sites out there that offer free V-Bucks. Click here, put in your username, maybe answer a survey question or two, and you’ll get as many free V-Bucks as you’d like. Those sites aren’t real. They want you to enter your account credentials into their page (enabling them to log in as you and create fraudulent charges) or else encourage you to click down a chain of advertising referrals, getting click-through advertising money for the person running the site. Under no circumstances are those sites able to actually grant V-Bucks. Our legal team is constantly prowling to hunt down those sites.

If you’ve tried one of them in the past, we encourage you to change your password as soon as possible. 

Verify Email Address

While it is currently optional, we ask that you please verify your e-mail address associated with your Epic account. This helps protect your account with our two-factor authentication and makes it easier for Player Support to assist you in the event of any anomalous activity with your account.

Player Support Details

Need additional help? Our Player Support team is here for you. We have a Fortnite Help Portal with answers to many of your questions.

If there’s anything where you feel we need to clarify further or something else you’d like assistance with, feel free to e-mail in a request.