Be careful what you post online; it can come back to bite you later. As was the case with Epic Games’ standout online game Fortnite. Due to an unsecured page on the Epic Games website, which was coded in 2004, hackers were able to gain access to millions of Fortnite user accounts and use credit card information to make in-game purchases. CheckPoint, a cybersecurity research company, discovered the Epic Games data breach. The cybercriminals sent phishing emails with a fake login, to many Fortnite users who clicked the link, and their accounts were hacked using token technology. The thieves also scavenged millions of user accounts and sold them on the dark web for a profit. Experts say the hackers got away with thousands just from in-app purchases. The hack also allowed criminals to listen in on chats along with taking over accounts. The most disturbing aspect of this is that kids mostly play the game, and the accounts were theirs.
When Did the Epic Games Data Breach Happen?
The actual data breach occurred sometime in late 2018. CheckPoint found the security flaw and reported it to Epic Games in November of 2018. However, it wasn’t until January of 2019 that Epic Games acknowledged the incident and repaired the vulnerability. They never confirmed the number of victims, but there are more than 200 million Fortnite players online, and security officials assume that all of them were breached.
How to Check if Your Fortnite Data Was Breached
Currently, there is no way to check online if your account was breached, and Epic Games has not confirmed an actual list of victims. However, they did post this response to the Epic Games data breach on their website:
“At Epic, we’ve been working hard to try to hunt down password dumps in order to proactively reset passwords for player accounts when we believe they are leaked online. While this approach involves a lot of manual work on our side, we believe that it prevents a significant amount of fraud. However, this approach doesn’t find every impacted account, or you might have created your Epic account after we checked a particular password dump.
As a result, we’re working to further automate our process to check our account database against password dumps to close the gap on identifying impacted users and resetting their passwords. We’ve also enabled multi-factor authentication, which provides players with additional security options.”
What to Do if Your Epic Games Data Was Breached
If you were a player of Fortnite and had an account before January of 2019, you were most likely a victim of data breach. Thousands of users complained of fraudulent charges on their credit and debit cards stolen during the Epic Games data breach. A few things you should address immediately are:
Cancel the credit or debit card and have your bank issue you a new one.
Change the password for your Fortnite account and use a strong password.
If you used the same password elsewhere, change those too.
If your child plays Fortnite, educate them about never clicking links in emails and how to stay safe online.
Consider signing up for credit monitoring with a company like IDStrong.com for peace of mind.
The Fortnite Lawsuit
FDAzar law firm filed a class-action lawsuit on August 8, 2019. The case is still in process and being decided by The Honorable Terrence W. Boyle. The law firm is encouraging anyone who was a victim of the Epic Games data breach is asked to contact an attorney at the law firm for assistance.
Can My Information From Fortnite Be Used for Identity Theft?
Yes, the account information stolen from Fortnite hack and sold on the dark web can be used to steal your identity. Once the hackers had your email address, they may have sent you a phishing email that looked like it came from Fortnite but did not. Many players also had their credit card information stolen. It doesn’t take much for thieves to steal your identity.
Online Gaming Safety Tips To Follow While Playing Fortnite
Online games are great fun, but you have to be diligent in staying safe. Follow these tips to keep your accounts safe from hackers.
Change your passwords frequently and always use strong ones.
Never reuse passwords on multiple websites.
Monitor your credit card accounts carefully and look for fraudulent charges.
Keep your computer and other devices updated with the latest security patches and antivirus software.
Never click a link in email or download attachments.