A class-action suit has been filed against Epic Games over a 2018 data breach which exposed Fortnite accounts to XSS attacks.
The over 100-person class-action suit was filed due to the 2018 data breach which allowed hackers access to personal information.
According to Polygon, the claim filed by law firm Franklin D. Azar & Associates states Epic Games failed to “maintain adequate security measures."
After the flaw was exposed, Epic fixed the security hole in January 2019, but the suit claims Epic didn't address it or notify users of the breach in a "timely manner."
"Epic Games has not yet directly informed or notified individual Fortnite users that their [personally identifiable information] may be compromised as a result of the breach,” the lawsuit states.
As Polygon notes, Check Point Researchers found a vulnerability in Epic Games sub-domains. The allowed nefarious folks to use XSS attacks by sending a link to a user.
Once the link was clicked, a user's account could be hacked into without the user providing any login credentials. It basically exposed the Fortnite player's username and password which could then be used by the attacker to make fraudulent purchases.
“You may have a claim against Epic Games if you have an Epic Games or Fortnite account, a credit or debit card linked to that account, and incurred charges on that linked card that you did not authorize or recognize," the law firm stated in the filing.
Polygon has reached out to the law firm for a statement, and Epic declined to comment due to the filing.