Your friends are getting friend requests or messages you never sent, you got a login alert from a country you have never visited, and the password you have used for years suddenly does not work. That stomach-drop feeling is real, but so is the good news here. Epic gives you several ways back in, and if you still have access to the email on your account you can usually be back in control within minutes. Even in the worst case, where the attacker changed your email and locked you out completely, Epic processes account recovery requests and says it will notify you of the outcome within 48 hours of receiving the request (allow up to 3 days in some cases).
Before you touch anything, two ground rules that keep you safe while you recover. Start the process on a device, browser, and network you have signed in from before, since Epic recognizes those and trusts them more readily. And never create a brand-new Epic account to report the hacked one, because that splits your history and slows everything down. Work the steps below in order, starting with the fastest fix that applies to your situation.
First, Confirm the Compromise and Reset What You Can
Try signing in normally before assuming the worst. A failed login can come from a forgotten password or a typo, not always a hacker. But if you are seeing login alerts from another location, your email or password changed without your doing it, or contacts report odd activity from your account, treat it as a real compromise and move fast.
If you can still sign in, change your password immediately. Sign in to your Epic account, open Password & Security, and scroll to Change your password. Enter your current password and a new one that is more than seven characters with at least one number and one letter, no spaces, and that does not match any of your last 5 passwords. Changing your password logs out anyone signed in through the website, which is exactly what you want.
Change Your Password and Log Out All Other Sessions
A password change alone does not always evict an intruder, because some active sessions can linger. The decisive move is to force a sign-out everywhere so every device and session, including the attacker's, gets kicked.
- 1.In your Epic account, open the Password & Security tab.
- 2.Scroll to the Sign out everywhere section and choose the option to sign out.
- 3.Epic emails a security code to your registered email address.
- 4.Enter that code to force every device and active session to sign out.
One word of caution that applies to this step and every step after it. The code Epic emails you is for you alone. Never share a verification code, your password, or a two-factor code with anyone who contacts you, even someone claiming to be Epic support. Real support will never ask you to read out a code.
When You Are Locked Out but Still Have Your Account Email
If the attacker changed your password but left your email alone, you can take the account right back. Epic only lets you reset a password through the account email, never through a phone number, so your inbox is the key here.
- 1.Go to the forgot-password page and enter the email address on your Epic account.
- 2.Open the email Epic sends and copy the security code from it.
- 3.Enter the code, set a new password, and sign in.
Epic sends a confirmation email when the password changes. If you receive one of those confirmation emails that you did not trigger, that itself is a strong sign someone is poking at your account, and you should reset right away.
Getting Past a Two-Factor Prompt the Attacker Set Up
Sometimes you know the password but a two-factor authentication (2FA) prompt blocks you. This happens when you lost your authenticator app, changed your phone number, or an attacker turned on 2FA to lock you out. Epic builds in a path around it.
On the 2FA prompt, click "Try another way." From there you have two options. If you saved the backup codes Epic gave you when you first set up an authenticator app, choose "Enter your Two-Factor verification backup codes" and use one. If you do not have a backup code, choose "Email Verification" and Epic sends a code to your account email instead.
Keep in mind that backup codes are generated only for the authenticator-app method, which Epic calls its strongest protection. If you never used an authenticator app, the Email Verification route is your way through.
Sign In Through a Linked Console or Social Account
If the email reset is not working, check whether you ever linked an external account. Epic accounts can connect to PlayStation, Xbox, Nintendo Switch, and other services, and any of those can serve as a side door back in.
Sign in to your Epic account using the external credentials for one of those linked services. Once you are inside, immediately reset your Epic password from within the account so the intruder's stolen password no longer works. This route is handy precisely because it does not depend on the email or password the attacker may have tampered with.
If the Hacker Changed Your Email and Locked You Out
The hardest case is losing access to the account email itself, either because the hacker swapped it out or because that mailbox is also compromised. Work it in this order.
- 1.First, try to restore access with your email provider directly, using their own recovery process.
- 2.If that fails, go to the reset or recovery screen and choose "Lost access to this email address?"
- 3.Epic then asks for additional information to find and recover the account, so follow the on-screen instructions and provide as much detail as you can.
The more accurate detail you give about the account, such as past payment methods, purchase history, the original email, and linked platforms, the faster Epic can verify you are the real owner. This is also the moment to be careful about where you are. Confirm you are on the genuine official Epic domain before you enter credentials or upload any ID, and never pay a third-party "account recovery service" promising to get your account back. Epic does not charge a fee to recover your account, and those services cannot do anything you cannot do yourself for free, while handing them your details only puts you at more risk.
Lock the Account Down So It Cannot Happen Again
Once you are back in, harden the account before the attacker tries again. The single most effective step is enabling two-factor authentication, which blocks access even if someone knows your password.
- 1.Go to the Account page and open the Password & Security tab.
- 2.Find the two-factor authentication options and choose a method, either an authenticator app (the built-in Epic Authenticator or a third-party app), SMS, or email.
- 3.Pick the authenticator app if you can, because it is the strongest method and the only one that issues backup codes.
- 4.Save those backup codes somewhere safe and offline so a lost phone never locks you out.
You manage or change all of this later under Account, then Password & Security, where you can disable or switch your 2FA method if you need to.
Cut Off Connected Apps and Console Accounts You Do Not Recognize
An intruder may have linked their own console or platform account to ride back in even after you reset everything. Close that door too.
- 1.Verify your email address on the account if you have not already.
- 2.Open the connected or linked accounts area of your Epic account.
- 3.Review every connected service and unlink any console or platform account (Xbox, PlayStation Network, Nintendo Switch, and others) that you do not recognize or no longer want attached.
Removing an unfamiliar link severs a path the attacker might otherwise use to sign back in, so do not skip this even if your password and 2FA are already locked down.
When Self-Service Fails, Reach a Real Person and Track the Request
If none of the above gets you back in, it is time for Epic player support. Go to the Epic Games Account Support page at www.epicgames.com/help/c-202300000001645, search your issue, then scroll to the bottom and choose Contact Us, or use the Epic Support Assistant chat option. Pick the option that fits your situation and complete the form with as much detail as possible. You can submit by email or start a live chat.
After you submit an account recovery request, Epic sends a confirmation email with a link to check your account recovery status. Use that link to follow your case. Epic states it will notify you of the outcome within 48 hours of receiving the request, and in some cases you should allow up to 3 days for processing. Resist the urge to file a second request or open an extra ticket for a status update, since duplicates will not speed anything up and can slow your case down.
Frequently Asked Questions
How long does Epic take to recover a hacked account?
Epic states it will notify you of the outcome of an account recovery request within 48 hours of receiving it, or let you know if it needs more time. In some cases you should allow up to 3 days for the request to be processed. You can follow progress using the link to check your account recovery status in your confirmation email rather than filing a new request.
Can I get back in if the hacker changed my email address?
Yes, but it takes an extra step. First try to restore access with your email provider directly. If that does not work, choose "Lost access to this email address?" on the reset or recovery screen, and Epic will ask for additional information to find and recover the account. Provide as much detail as you can to help verify you are the real owner.
What if two-factor authentication is blocking me from signing in?
On the 2FA prompt, click "Try another way." If you saved your backup codes when you set up an authenticator app, choose "Enter your Two-Factor verification backup codes." If not, choose "Email Verification" to have Epic send a code to your account email. This covers a lost authenticator app, a changed phone number, or 2FA an attacker enabled.
Does Epic charge a fee or work with paid recovery services?
No. Epic does not charge a fee to recover your account, and you do not need any paid third-party "account recovery service." Those services cannot do anything you cannot do yourself through Epic's official recovery flow, and handing them your credentials only puts you at more risk. Stick to the genuine official Epic site.
Will anyone from Epic ask me for my password or a verification code?
Never. Real Epic support will not ask you to share your password, a verification code, or a two-factor code. Any message that requests one of those is a scam. Only enter codes and credentials on the genuine official Epic domain, and only after starting recovery on a device and network you have signed in from before.
What is the fastest way to kick an intruder out right now?
If you can still sign in, change your password under Password & Security, then use the Sign out everywhere section to force every device and session to sign out. Epic emails you a security code to confirm. After that, enable two-factor authentication with an authenticator app and review your connected accounts to unlink anything you do not recognize.
