I use Privacy cards for the majority of online commerce. If you aren’t familiar with them, they generate one-off card numbers that obfuscate your financial details and become locked to the merchant of first use. They also can create single-use cards that deactivate after the first charge.

The card I have tied to my Epic account generated two fraudulent charges on Dec 10 at Spanish-named locations. The charges were blocked, as they didn’t originate from Epic. On top of blocking the charges, Privacy deactivated the card number as they suspected fraud.

I’ve reached out to Epic for details, but they’re just sending scripted meaningless fluff, and its been almost forty days.

Am I right to assume this means Epic was themselves the victim of some breach? I don’t see any press releases or coverage of anything.

  • phx
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    11 months ago

    If their systems were breached, I’d expect charge attempts against whatever cards are funding that account, not the generated card #'s.

    • stevehobbes@lemy.lol
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      11 months ago

      Not if they only got log files from a period of time or something. Or they generated enough numbers that they figured out the algorithm for how privacy.com allocates and reuses numbers.

      • phx
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        Possibly. We’ll probably see if there’s a pattern of compromised numbers between one or another