Hacker News new | ask | show | jobs
by janklimo 2994 days ago
How would an attacker use this information? Brute force attack on an account with known email address?
3 comments
bpicolo 2994 days ago
> Brute force attack on an account with known email address

Yup. These days I get a ton of break-in attempts for random accounts. My Epic Games account is disabled weekly due to failed login attempts from random actors.

Use a password manager and 2fa folks!

link
ReverseCold 2993 days ago
> My Epic Games account is disabled weekly due to failed login attempts from random actors.

Everyone has this (source: some thread on Reddit with a bunch of "me too" answers). It's a bug with their system and I don't think they know about it/care/(?)

link
bpicolo 2993 days ago
> It's a bug with their system

Confident about that? It's certainly not the only service I get break in attempts on, fwiw

link
ReverseCold 2993 days ago
Well first of all, someone else knowing your username should not be able to lock you out of your account. So even if it isn't a bug it's bad design.

It looks like you can still sign in even if your account is "locked" which further adds to the theory that it is a bug.

Here are a few threads with a bunch of "me too"s. [0][1]

[0] https://www.epicgames.com/fortnite/forums/battle-royale/roya... [1] https://www.epicgames.com/fortnite/forums/battle-royale/roya...

link
Mortiffer 2994 days ago
Also : smaller rainbow tables if you have some hashed passwords you want to reverse yourself
link
Mortiffer 2994 days ago
Better dictionary attacks
link