Epic Games being sued for failing to protect its users’ privacy

By Tom Beer


Aug 12, 2019

Reading time: 2 min

Epic Games, the developer behind Fortnite, has had a class action lawsuit filed against it by Franklin D. Azar & Associates in North Carolina.

The reason for the lawsuit is the view that Epic had not done enough to protect its players’ personal data.

A bug that was present in the game until January 19 was exploited by hackers to access debit and credit card details for millions of Fortnite account holders worldwide. With this data, hackers were able to purchase in-game currency or even sell entire accounts. They would then sell game codes for a profit, leaving owners of the hacked accounts to foot the bill.

A report by the BBC in December 2018 describes hackers as young as 17 years old making thousands of dollars by exploiting the bug.

The lawsuit is representing over 100 individuals. It is arguing that despite fixing the bug soon after its discovery, Epic did not do enough to inform its player base of the problem. The lawsuit states:

“Epic Games has not yet directly informed or notified individual Fortnite users that their [personally identifiable information] may be compromised as a result of the breach.”

Epic Games has not commented on the lawsuit as of this writing. Having enjoyed a broadly successful Fortnite World Championship event, Fortnite has become well known around the world, going well beyond the gaming community. The developer will not want this lawsuit to damage Fortnite’s image.

With a predominantly younger player base, some parents may be concerned that their children’s accounts may have been hacked or could potentially be hacked in the future. Epic Games has now added two-factor authentication options to help better secure accounts. However the lawsuit suggests that may not be enough to deter hackers.

“Fortnite users have no guarantee that the above security measures will in fact adequately protect their personal information,” the lawsuit reads.

Franklin D. Azar & Associates urge anyone who has been affected by the hack to get in touch with the firm.