Fortnite: Class-Action Lawsuit Filed Against Epic Games Over Hacked Accounts

More than 100 class members involved.

Please use a html5 video capable browser to watch videos.
This video has an invalid file format.
Sorry, but you can't access this content!
Please enter your date of birth to view this video

By clicking 'enter', you agree to GameSpot's
Terms of Use and Privacy Policy

Now Playing: Fortnite Dev Gets Class-Action Lawsuit (Not For B.R.U.T.E. Mechs) - GS News Update

GameSpot may get a commission from retail offers.

Epic Games, the developer of Fortnite, is being sued in a class-action lawsuit after a security breach allowed hackers to access the personal information of users with Epic Games accounts.

The class-action lawsuit was filed by Franklin D. Azar & Associates in US District Court in North Carolina. The suit cites Epic's "failure to maintain adequate security measures and notify users of the security breach in a timely manner." It goes on to mention that there are more than 100 class members involved in the lawsuit.

Epic acknowledged the breach back in January, surmising that a bug in Fortnite may have exposed the personal information of millions of user accounts. The company fixed the issue, but the suit alleges that the company failed to notify affected users to the possibility of their personal information being compromised. The filing says that the plaintiff and anyone else affected by the breaches "have an ongoing interest in ensuring that their [personally identifiable information] is protected from past and future cybersecurity threats."

Check Point security researchers discovered the breach in November 2018 before Epic acknowledged it in January 2019. "We were made aware of the vulnerabilities and they were soon addressed," said an Epic Games spokesperson at the time. "We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not reusing passwords and using strong passwords, and not sharing account information with others."

However, Check Point's report details an exploit that couldn't have been avoided by constant password changes. "By discovering a vulnerability found in some of Epic Games' sub-domains, an XSS attack was permissible with the user merely needing to click on a link sent to them by the attacker. Once clicked, with no need even for them to enter any login credentials, their Fortnite username and password could immediately be captured by the attacker."

"Even if you [had] a security product looking for anti-phishing, it wouldn't catch [the hack] because it's coming from a legitimate domain," Check Point's head of products vulnerability research Oded Vanunu said. Vanunu went on to encourage players to enable two-factor authentication for their Epic accounts. "Token hijacking is something that is happening on all major platforms," Vanunu continued. "We are starting to see malicious attackers looking for tokens more."

Got a news tip or want to contact us directly? Email

Join the conversation
There are 11 comments about this story
11 Comments  RefreshSorted By 
GameSpot has a zero tolerance policy when it comes to toxic conduct in comments. Any abusive, racist, sexist, threatening, bullying, vulgar, and otherwise objectionable behavior will result in moderation and/or account termination. Please keep your discussion civil.

Avatar image for nsa_protocol44

There you go, for the idiots who didn't believe that Epic has security problems and still defend Epic. You guys are the worst.

Avatar image for davillain-

Epic Fail!

Avatar image for Barighm

I stopped using a credit card on the internet a LONG time ago.

Avatar image for saltymemesoup

These toxic dude-bro gamers think they are entitled to protecting their own personal information. HA!

Avatar image for Thanatos2k

Over and over people try to say Epic's terrible store is "just a launcher."

No, it's a gateway to your personal information because of Epic's laughable data security.

Avatar image for brxricano

Been waiting for this. Steam thought they could get away with it, Australia banged out a hard lesson on them. I thought it would be AUS again, but now its.....North Carolina? Okay. Which is still bad because courts here are brutal. Yes i live here. Mostly, if it even looks like a loss, you already lost to these thirsty DAs hungry for a promotion in another county. So tbh i dont expect much from the South but i foresee a win. Same difference, and this is exactly how Steam got more "security features" and that digital fear of consumer retaliation put into them. Kudos on making it easy by making it obvious its your own exploit, since you can't prove who put it there, Epic. LOL.

Avatar image for SSJ4CHRIS

@brxricano: Epic's main office is in North Carolina. Epic may have to rethink buying all of those timed exclusives if they can't come up with a scheme to ward off this lawsuit like Nintendo did with the 100% free for whatever reason joycon repair plan. They will need that money to get real security for their store.

Avatar image for brxricano

@SSJ4CHRIS: Wasnt aware of that. They really shouldve done their research. They assumed litigation would take place in China. LMAO on that one. They will lose, and we will benefit as the leash tightens. Youre right, all that money spent will hurt their case even more. They wont get the mercy of the court because NC state will refuse to look bad on this one. This is a golden ticket for every state lawyer who can get in on this one. No scheme, they werent prepped for this one. Sit back and watch the dumpster fire.

Avatar image for NiteX

But it's just a launcher you guys don't be so entitled!

Avatar image for Daian

Their account security and launcher are an absolute garbage fire, and yet people that complain about it are told to shut up and that they're just being overdramatic.

Avatar image for sbargovox3

So, all those "rumours" about Epic account security being leakier than a sieve seems true. How encouraging for EGS in their march to save the games industry, one bribed developer at a time!