Back in January of 2019 Checkpoint Research made a post explaining how Fortnite accounts were susceptible to a vulnerability that would have made accounts easy prey for scams. Epic Fixed the issue shortly after Checkpoint made their post, as reported by Gamasutra. However, more than 100 people have filed a class-action lawsuit against Epic for the vulnerability.
MS Power User cites an article from Polygon that is reporting that Franklin D. Azar & Associates filed the lawsuit in a U.S., District Court in North Carolina.
YouTuber YongYea did a video about the lawsuit, and some of Epic’s past run-ins with potential legal trouble.
Over on the Franklin D. Azar website, they explain why they’re suing even though Epic acknowledged the bug and fixed it, writing…
“On January 16, 2019, Epic Games, creators of the Fortnite video game, acknowledged that a flaw in Fortnite’s login system allowed hackers to impersonate players and purchase in-game currency using credit or debit cards on file with the account. This acknowledgement came after Check Point, a cybersecurity research firm, successfully exploited a security vulnerability on an old, unsecured webpage operated by Epic Games. Check Point notified Epic Games of the vulnerability in November of 2018. Not until two months later did Epic Games acknowledge the flaw. Epic Games did not disclose how many accounts were affected by the data breach.”
Epic Games did acknowledge the breach two months after it happened, and they did acknowledge that they fixed the breach… after it had been announced by Checkpoint.
In this case, Azar wants to sue Epic on the grounds that others may have lost funds or suffered financial losses due to the hack.
They explain further down the post…
“[…] affected Fortnite users have suffered an ascertainable loss in that they have had fraudulent charges made to their credit or debit cards and must undertake additional security measures, some at their own expense, to minimize the risk of future data breaches including cancelling credit cards associated with their Epic Games/Fortnite accounts and changing passwords for those accounts. Furthermore, Fortnite users have no guarantee that the above security measures will in fact adequately protect their personal information. Fortnite users therefore have an ongoing interest in ensuring that their personal information is protected from past and future cybersecurity threats.”
Polygon stated there were more than 100 people part of the lawsuit, but neither Azar nor Epic Games replied to their questions for comment.
At this point it looks like this is more posturing than an actual lawsuit, and we’ll see if there’s anything to it as more people come forward with any testimonies of losses or hacked accounts that occurred during the time where Fortnite was reportedly vulnerable.
(Thanks for the news tip Jack Thompson)