Epic Games facing class-action lawsuit over Fortnite login exploit
Epic Games is being slapped with a class-action lawsuit due to a security breach earlier this year.
The suit, first reported by Polygon, was filed by U.S. law firm Franklin D. Azar & Associates and represents over 100 class members. The firm states that Epic failed to “maintain adequate security measures and notify users of the security breach in a timely manner.”
In the firm’s statement, it further condemns Epic:
…Fortnite users have suffered an ascertainable loss in that they have had fraudulent charges made to their credit or debit cards and must undertake additional security measures, some at their own expense, to minimize the risk of future data breaches including cancelling credit cards associated with their Epic Games/Fortnite accounts and changing passwords for those accounts. Furthermore, Fortnite users have no guarantee that the above security measures will in fact adequately protect their personal information. Fortnite users, therefore, have an ongoing interest in ensuring that their personal information is protected from past and future cybersecurity threats.
The security problem laid in Fortnite’s login system, which allowed hackers to carry out an XSS attack. All that was needed was a link, that once clicked, will capture a users Fortnite username and password. This, in turn, allowed the attackers to access personal information like credit card numbers and home addresses.
While Epic acknowledged this security flaw and fixed it in January, however, it came two months after the exploit was first discovered and made known to Epic by Check Point Research.