While the Epic Games Store includes some features that help it stand out from the competition, such as a free game every two weeks, it lacks some basic necessities that have left gamers scratching their heads. Case in point: the Epic Games Store doesn’t verify emails when users create accounts. Unscrupulous people can create fraudulent accounts, and the people who own the associated email addresses are none the wiser. Did I say can create fraudulent accounts? I meant have created fraudulent accounts.

Recently, a reddit user by the name of -dov- brought this issue to light. In their thread, -dov- recounts a situation that might seem all too familiar to some readers.

Apparently, -dov- tried to create an Epic Store account and discovered several fraudulent accounts that used emails addresses they owned. Doing what any rational person would do, -dov- deactivated the accounts, changed the email address passwords, and checked their bank and credit card statements for fraudulent activity. Everything seemed fine, and that’s when the wheels started turning in -dov-‘s head.

https://twinfinite.net/2019/03/psa-epic-store-doesnt-validate-email-addresses/

So... make say 50-100 accounts. Get the free games for a year. Then start selling accounts for a couple dollars apiece?

Or if someone's using your email you can grab the account back with it's booty.

This. I'm not seeing a problem here for owners of emails, and the shittiness of the Epic Store for its customers is not exactly breaking news.

This is one of the (many) reasons why e-mail addresses should be kept confidential and never be used as a username (etc., etc.), but alas, so many services (ehem, GOG included) seem to not understand the potential security and privacy impllications. Oh well, you can always set up a dummy e-mail address for each service, which is exactly what I've done.

E-mail addresses and phone numbers should be protected as well as passwords in my opinion, and should never be divulged to other users (strangers). (Looking at you Facebook = search users by phone number used for 2FA). This is 2019, not 2009.

The user you mentioned in the op should consider his e-maill address permanently compromised (duh) and should stop using it. Sucks if it's his work or main e-mail account. When will people learn = (shakes head).

I remember when it was only unreal tournament on the store they had the account verify thing. I since left due to Epic putting all staff from Unreal Tournament straight to Fortnight killing unreal... never been happy about that. but eh at least we got 1999 and 2004 and I still have my disc copies of 2003 and 3.

Epic verifies emails.