Epic Games who developed Fortnite has been sued for not protecting Fortnite accounts from hackers.
There are currently more than 250 million registered Fortnite accounts which is a big thing for Epic Games, who developed the game. At the same time, it is a lucrative target for hackers and that’s the reason when Fortnite is in the news it gets a great deal of attention.
This time, however, Fortnite has made headlines for all the wrong reasons. Reportedly, Epic Games has been sued for not protecting the personal information of registered users after it suffered a data breach allowing hackers to access their private and banking information to carry out purchases.
The class-action lawsuit was filed in US District Court in North Carolina by Franklin D. Azar & Associates highlighting Epic Games’ “failure to maintain adequate security measures and notify users of the security breach in a timely manner.”
It is worth noting that the data breach was originally discovered in November 2018 by Check Point, an Israeli cybersecurity giant. The breach took place after hackers exploited a vulnerability in Fortnite’s login system. However, Epic Games only acknowledged the breach in January this year.
“We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not reusing passwords and using strong passwords, and not sharing account information with others,” the company said in January 2019.
“Affected Fortnite users have suffered an ascertainable loss in that they have had fraudulent charges made to their credit or debit cards and must undertake additional security measures, some at their own expense, to minimize the risk of future data breaches including canceling credit cards associated with their Epic Games/Fortnite accounts and changing passwords for those accounts,” Franklin D. Azar and Associates states.
“Furthermore, Fortnite users have no guarantee that the above security measures will in fact adequately protect their personal information. Fortnite users, therefore, have an ongoing interest in ensuring that their personal information is protected from past and future cyber-security threats,” the law firm said.
However, slapping the company with a lawsuit is not the solution since Epic Games has a history of data breaches. In August 2016, a data breach allowed hackers to steal over 800,000 Epic Games’ user accounts (mostly from Unreal Engine and Unreal Tournament forum).
At that time, hackers exploited an SQL vulnerability. The stolen data included usernames, email address with encrypted passwords, date of birth, IP addresses, Facebook access tokens, comments and activity history on both forums.
In October 2016, a dark web vendor going by the online handle fo DoubleFlag stole a database containing 277,944 Epic Games’ accounts and sold it on now seized dark web marketplace Hansa. The stolen accounts were being sold for BTC 0.4721 which, at that time was almost $300.