Comment This explains a lot (Score 1) 27
This explains how my Epic account was breached last year even though it used a UNIQUE password.
$600 dollars withdrawn from my Paypal account (saved prior authorization that was immediately removed after this incident) within a matter of 30 seconds.
Even after enabling 2FA my account was still breached, my user name was changed to random alphanumeric nonsense and my friends' list deleted. It wasn't until I changed my password that the unauthorized activity stopped... apparently killing any existing valid authentication tokens.
So either two ways this could have happened:
1. Epic's account database was compromised (possible but no public breach has ever been announced)
2. Some exploit in authenticating account access
Even after enabling 2FA my account was still breached, my user name was changed to random alphanumeric nonsense and my friends' list deleted. It wasn't until I changed my password that the unauthorized activity stopped... apparently killing any existing valid authentication tokens.
So either two ways this could have happened:
1. Epic's account database was compromised (possible but no public breach has ever been announced)
2. Some exploit in authenticating account access