A class action lawsuit has been filed against Epic Games over Fortnite hacking which potentially saw users credit card information exposed.
Last year, hacking became a major problem in the mass multiplayer online game Fortnite. While hacking into games isn’t anything new, the hacking potentially saw account information such as credit card information possibly exposed. This has sparked a class action lawsuit from Franklin D Azar & Associates. The law firm is calling on users who may have been impacted by the hacking of the video game.
More from Green Man Gaming:
In its justification for the class action lawsuit, FDAzar said: “On January 16, 2019, Epic Games, creators of the Fortnite video game, acknowledged that a flaw in Fortnite’s login system allowed hackers to impersonate players and purchase in-game currency using credit or debit cards on file with the account. This acknowledgment came after Check Point, a cybersecurity research firm, successfully exploited a security vulnerability on an old, unsecured webpage operated by Epic Games. Check Point notified Epic Games of the vulnerability in November of 2018. Not until two months later did Epic Games acknowledge the flaw. Epic Games did not disclose how many accounts were affected by the data breach. Fortnite has an estimated 200 million registered users.”
In an Account Security Bulletin originally posted in late January 2019, Epic Games explained how hackers were using what were effectively phishing techniques to hack Fortnite accounts, saying: “Attackers frequently download password dumps – lists of username/password combinations – from third party sites and use credential stuffing to find out what other websites those credentials work on. When they are successful at logging in to those accounts, they see what trouble they can create for the account holder. In many cases, that appears as fraudulent V-Buck purchases.”
“We’ve seen several instances of account theft and fraud related to websites that claim to provide you free V-Bucks or the ability to share or buy accounts. Please never share your Epic account details with anyone.”
Epic Games said at the time that it was hunting down those password dumps, and attempting to: “Proactively reset passwords for player accounts when we believe they are leaked online.” But FDAzar believes that despite that action, Epic Games is still open to a class action lawsuit: “However, affected Fortnite users have suffered an ascertainable loss in that they have had fraudulent charges made to their credit or debit cards and must undertake additional security measures, some at their own expense, to minimize the risk of future data breaches including canceling credit cards associated with their Epic Games/Fortnite accounts and changing passwords for those accounts. Furthermore, Fortnite users have no guarantee that the above security measures will in fact adequately protect their personal information. Fortnite users, therefore, have an ongoing interest in ensuring that their personal information is protected from past and future cybersecurity threats.”
We’ve been noticing a lot of lawsuits being sparked by security incidences lately here on Freezenet. The Capital One data breach saw not one, not two, but three lawsuits. Last month, we saw the Equifax settlement over their data breach.
Really, it’s not all that surprising that these lawsuits are being filed in the first place. Since federal level lawmakers aren’t exactly pushing for major changes in the law like what we saw in Europe when they passed the General Data Protection Regulation (GDPR) last year, we’ll likely see this cycle continue for the foreseeable future.
Drew Wilson on Twitter: @icecube85 and Facebook.
