Epic Games are facing a class-action lawsuit following a security breach that may have allowed hackers to gain access to personal information of Epic Games account holders in 2018. Just another Friday in the 21st century.
The suit, which Polygon reports was filed by law firm Franklin D. Azar & Associates and comprises over 100 class members, claims Epic failed to “maintain adequate security measures and notify users of the security breach in a timely manner.”
“[A]ffected Fortnite users have suffered an ascertainable loss in that they have had fraudulent charges made to their credit or debit cards and must undertake additional security measures, some at their own expense, to minimize the risk of future data breaches including cancelling credit cards associated with their Epic Games/Fortnite accounts and changing passwords for those accounts,” reads a statement from the firm.
“Furthermore, Fortnite users have no guarantee that the above security measures will in fact adequately protect their personal information. Fortnite users therefore have an ongoing interest in ensuring that their personal information is protected from past and future cybersecurity threats.”
“You may have a claim against Epic Games if you have an Epic Games or Fortnite account, a credit or debit card linked to that account, and incurred charges on that linked card that you did not authorize or recognize.”
Epic Games first acknowledged the security problem in January, two months after a bug in Fortnite potentially exposed the personal information of millions of users. The hack, known as an XSS attack, only needs a user to click a link to capture their username and password. While Epic fixed the problem, the suit alleges that the affected users were not notified of the security breach.
We’ve reached out to Franklin D. Azar & Associates and Epic Games for comment.