The suit was brought on behalf of those affected by a security gap in Epic’s log-in system
Epic Games is being sued over security breaches that allowed hackers to access the personal information of Epic Games accounts.
The class-action lawsuit, filed by Franklin D. Azar & Associates in U.S. District Court in North Carolina, alleges Epic’s “failure to maintain adequate security measures and notify users of the security breach in a timely manner.” The lawsuit states that “there are more than 100 class members.”
In January, Epic acknowledged that a bug in Fortnite may have exposed personal information for millions of user accounts. Check Point Researchers originally reported how the attacks were carried out:
By discovering a vulnerability found in some of Epic Games’ sub-domains, an XSS attack was permissible with the user merely needing to click on a link sent to them by the attacker. Once clicked, with no need even for them to enter any login credentials, their Fortnite username and password could immediately be captured the attacker.
Epic Games acknowledged and fixed the issue, but the suit alleges that the company has failed to notify affected users. “Epic Games has not yet directly informed or notified individual Fortnite users that their [personally identifiable information] may be compromised as a result of the breach,” the lawsuit says.
According to the filing, the plaintiff and anyone else affected by the breaches “have an ongoing interest in ensuring that their [personally identifiable information] is protected from past and future cybersecurity threats.”
Polygon reached out to Franklin D. Azar & Associates and Epic Games; the law firm has yet to respond and Epic Games declined to comment on the suit.