Franklin D. Azar & Associates states victims of this data breach have “suffered an ascertainable loss,” as it has “allowed hackers to impersonate players and purchase in-game currency using credit or debit cards on file with the account,” according to the lawsuit on the firm’s website. Although Epic Games took measures in response, the firm alleges users have “no guarantee” those measures will protect user’s information.
“This acknowledgement came after Check Point, a cybersecurity research firm, successfully exploited a security vulnerability on an old, unsecured webpage operated by Epic Games,” the law firm said. It wasn’t until two months passed did the dev team acknowledge the flaw, neglecting to disclose how many accounts were affected by the breach as a result.
Check Point Researchers‘ original report stated how the attack’s happened:
By discovering a vulnerability found in some of Epic Games’ sub-domains, an XSS attack was permissible with the user merely needing to click on a link sent to them by the attacker. Once clicked, with no need even for them to enter any login credentials, their Fortnite username and password could immediately be captured the attacker.
The law firm is now on the search for users who could’ve possibly been affected by the breach and have a claim against Epic. The dev team has yet to make a comment.
In other gaming news, the next Call of Duty will reportedly be a reboot of Black Ops.