Epic Games hit with class-action suit over last year’s Fortnite data breach
Last year, Epic Games was subject to a data breach that potentially exposed login details for millions of user accounts. The breach came through an exploit that allowed attackers to steal credentials through single link clicks. As Check Point Research detailed when the 2018 attacks were acknowledged in January this year:
“By discovering a vulnerability found in some of Epic Games’ sub-domains, an XSS attack was permissible with the user merely needing to click on a link sent to them by the attacker. Once clicked, with no need even for them to enter any login credentials, their Fortnite username and password could immediately be captured the attacker.”
Now, Epic Games has been hit with a class-action law suit for the attacks. Law firm Franklin D. Azar & Associates has grouped together 100 complainants, claiming that Epic failed “maintain adequate security measures and notify users of the security breach in a timely manner.”
Says the firm:
“…Affected Fortnite users have suffered an ascertainable loss in that they have had fraudulent charges made to their credit or debit cards and must undertake additional security measures, some at their own expense, to minimize the risk of future data breaches including cancelling credit cards associated with their Epic Games/Fortnite accounts and changing passwords for those accounts.”
Furthermore, Fortnite users have no guarantee that the above security measures will in fact adequately protect their personal information. Fortnite users therefore have an ongoing interest in ensuring that their personal information is protected from past and future cybersecurity threats.”
While this does seem a little on the opportunistic side – given that Epic is raking in Billions of Fortnite Dollars every month – the company does have an obligation to keep its users records safe.