In a surprise move in response to a 2018 data breach, Epic Games website is facing a one 100 person class-action lawsuit over its failure to adequately protect Fortnite user data.
Over 100 complaints have been filed against the game developer over an XSS exploit attack that allowed hackers to steal the credentials of millions of Fortnite players in January 2018.
The lawsuit filed by Franklin D. Azar and associates alleges that Epic Games failed to maintain adequate security measures and that they neither addressed the issue nor notified users in a timely manner.
The attack came as an exploit was found by hackers that allowed them to access the login details of a Fortnite player from simply clicking a link.
This consequently resulted in many users of Epic Games’ flagship game Fortnite having fraudulent charges accredited to their bank accounts and have had to take extra security measures at their own expense to prevent future attacks on their bank accounts.
While Epic Games was quick to address the issue, many feel that for a company with the details of so many people that Epic Games should have been more careful and responsible with user data.
The XSS exploit was found by web security firm Check Point on an old subdomain at EpicGames.com.
Check Point stated that:
“By discovering a vulnerability found in some of Epic Games’ sub-domains, an XSS attack was permissible with the user merely needing to click on a link sent to them by the attacker.
Once clicked, with no need even for them to enter any login credentials, their Fortnite username and password could immediately be captured the attacker.”
Simply put, all that a malicious hacker would have to do was to send a phishing link with the promise of free or cheap V-Bucks to a player inside Fortnite and if they clicked on the link it was possible to attain that user’s details and take control of the account.
While Check Point did inform Epic Games of what they had discovered, it was already too late for some users.
Many large companies including game developers such as Rockstar Games and even banks have now taken steps to integrate two-step verification for larger platforms, and while it may seem like a pain in the neck, it is necessary in order to keep your data safe.
Over 80 million gamers play Fortnite and Epic Games has advised users to keep their credentials personal, use strong passwords and to be vigilant when clicking on links.
However, the responsibility of this particular issue lies solely with Epic Games, as users are not responsible for back end exploits of Epic Games subdomains.
As of yet, Epic Games has not commented on the class action lawsuit.
Please share your thoughts in the comments section.
Font supplied by https://fontmeme.com
All images are copyright of their respective owner(s) and ChartX Games where applicable.
Michael is the sole writer and owner at chartxgames.com.
Many thought that his youth (and adulthood) playing video games was a waste of time but here he is writing about them for a living.
Michael has a background in IT and enjoys (apart from video games) building and repairing PC’s, digital artwork (Photoshop, 3DS Max) and has interests in too many subjects to mention.