Class Action Removed to IL District Court Chides Epic Games Over Alleged ‘Fortnite’ Cybersecurity Vulnerabilities
Krohm v. Epic Games, Inc.
Filed: April 8, 2019 § 5:19-cv-00173
Fortnite developer Epic Games faces a proposed class action filed over a cybersecurity vulnerability that exposed players' personal and payment card information.
A proposed class action outlines allegations that Epic Games is responsible for a “catastrophic” cybersecurity vulnerability reportedly affecting its Fortnite video game.
The lawsuit, filed on February 15 and removed from Illinois circuit to district court on April 8, says that Epic Games, around or before November 2018, became aware of a cybersecurity vulnerability in Fortnite that allowed unauthorized third parties to hijack players’ accounts and access credit card details and other personally identifiable information. Bad actors were allegedly able to access Fortnite players’ identifiable information through what the case calls “security token jacking,” which was only possible due to Epic Games’ apparent failure to have in place rudimentary security measures:
“The Vulnerability existed because Defendant failed to implement a basic precautionary technical measure that would have prevented unauthorized third-parties the ability to retrieve and reuse the ‘security tokens’ associated with Plaintiff’s and other user’s accounts. Once armed with the security token for a given account, a hacker is able to access and utilize every feature of such account, including the ability to make purchases of Defendant’s Vbucks currency using the account Payment Information.
Such security-token-jacking schemes are increasingly common, and any reasonably-robust cybersecurity and information technology regime must account for the ultimate disposition, including reusability, of security tokens. Defendant has failed in this regard.”
Once in possession of a player’s payment data, the case says, a cybercriminal can then make in-game purchases of Fortnite’s “Vbucks” in-game currency, which can then be sold on the secondary black market. As the 34-page suit tells it, “Vbucks” currency is particularly lucrative for cybercriminals.
Moreover, the alleged cybersecurity vulnerability allows unauthorized individuals to secretly listen in on conversations between Fortnite players, including between those who are minors. For its part, Epic Games, the lawsuit says, failed to implement basic security measures—as well as remedy the issue in a timely fashion—that could have prevented, or at least mitigated, the damage of the security vulnerability.