Fortnite Data Breach Investigation

How the Data Breach Occurred

On January 16, 2019, Epic Games, creators of the Fortnite video game, acknowledged that a flaw in Fortnite’s login system allowed hackers to impersonate players and purchase in-game currency using credit or debit cards on file with the account. This acknowledgement came after Check Point, a cybersecurity research firm, successfully exploited a security vulnerability on an old, unsecured webpage operated by Epic Games. Check Point notified Epic Games of the vulnerability in November of 2018. Not until two months later did Epic Games acknowledge the flaw. Epic Games did not disclose how many accounts were affected by the data breach. Fortnite has an estimated 200 million registered users.

A Bleeping Computer report contains a graphic illustrating the hacking process: users would be redirected from Epic Games’ main login page to an old, unsecured Epic Games page, where authentication tokens (the equivalent of digital keys that keep people logged in so that they do not need to re-enter their password every time they play the game) were stolen through injected JavaScript code.

Before news of the data breach broke, the BBC reported that hackers were earning thousands of British pounds a week to hack Fortnite accounts, take them over, and resell them online.

A Kotaku report revealed that another means by which hackers profited from hacking Fortnite accounts was by purchasing upgraded versions of the otherwise free game. When an upgraded version is purchased (for $99.99 or $150.00), the hacked account receives codes for free downloads of the standard edition of Fortnite, which retails for approximately $40. Hackers would then sell the codes online at deep discounts. Accounts may also have been hacked through “password dumps,” where hackers take thousands of known email and password combinations for other websites and load them into software that tests the combinations with Epic Games’ client. When hackers get a hit, they can access player accounts.


In response to the data breach, Epic Games posted an “Account Security Bulletin.” Under the “What Are We Doing To Help” section, Epic Games states:

At Epic, we’ve been working hard to try to hunt down password dumps in order to proactively reset passwords for player accounts when we believe they are leaked online. While this approach involves a lot of manual work on our side, we believe that it prevents a significant amount of fraud. However, this approach doesn’t find every impacted account, or you might have created your Epic account after we checked a particular password dump.
As a result, we’re working to further automate our process to check our account database against password dumps to close the gap on identifying impacted users and resetting their passwords. We’ve also enabled multi-factor authentication, which provides players with additional security options.

However, affected Fortnite users have suffered an ascertainable loss in that they have had fraudulent charges made to their credit or debit cards and must undertake additional security measures, some at their own expense, to minimize the risk of future data breaches, including cancelling credit cards associated with their Epic Games/Fortnite accounts and changing passwords for those accounts. Furthermore, Fortnite users have no guarantee that the above security measures will in fact adequately protect their personal information. Fortnite users therefore have an ongoing interest in ensuring that their personal information is protected from past and future cybersecurity threats.


You may have a claim against Epic Games if you have an Epic Games or Fortnite account, a credit or debit card linked to that account, and incurred charges on that linked card that you did not authorize or recognize. CONTACT FDAZAR IMMEDIATELY. We will fight to get you the recovery you deserve.


Franklin D. Azar & Associates is well known in the class action community. For over 30 years, our attorneys have protected the rights of individuals who have been taken advantage of by big corporations, and during that time, have secured over $1.5 billion in compensation – including over $750 million from Walmart in a wage and hour dispute that spanned approximately 26 states. FDAzar has been and is involved in class actions and mass torts against other large corporations like Facebook, Google, Marriott, Discover, Toyota, Hewlett Packard, British Petroleum, drug manufacturers, medical device manufacturers, and 401k providers. Our class action department is staffed with experienced and knowledgeable attorneys who focus on litigating large, complex cases on behalf of consumers, employees and investors who have suffered losses.
