Epic Games, the designer of popular video game Fortnite, faces a class action alleging that consumer information was compromised in a data breach. There are around 80 million people who play the game every month and around 200 million total registered users on computer, console, and mobile platforms. In his recent Fortnite class action, plaintiff Michael Heidbreder claims that “a flaw in Fortnite’s code” allowed hackers to collect the personal information of the 200 million players who have registered as users. Ring of Fire’s Farron Cousins discusses this with Scott Hardy from Top Class Actions.
*This transcript was generated by a third-party transcription software company, so please excuse any typos.
Farron Cousins: Fortnite has become one of the most popular video games here in the United States with 80 million monthly users and over 200 million registered users. But earlier this year, back in January, they announced that they had suffered a massive data breach when hackers exploited a really very obvious fatal flaw with their design. And now a class action lawsuit claims that some of that data was later sold on the dark web that Fortnite creator Epic Games did not do enough to warn consumers about the problem and I have Scott Hardy from Top Class Actions with me.
Scott, Fortnite, you and I have talked about this a little bit in the past, I think when the original data breach occurred. Now we’ve got this lawsuit because people are saying, listen, my data is out there now. My, my debit card, my credit card, you know, possibly my address, you know, depending on how the signups worked here, this is not okay. And you, Epic Games did not do enough to tell me that this happened.
Scott Hardy: Right, exactly. We see a number of missteps here from Epic Games according to the class action. And those missteps include, you know, this security concern was released back in November of last year, but Epic didn’t actually do anything about it and then we see a class action filed back in January when they say, yeah, there was data breach. So they had a timeframe where they knew about it and they didn’t fix it and then they fixed it. But all of these gamers out there, there are more than 200 million registered Fortnite gamers. So it’s a huge audience out there, could have been impacted.
And these hackers used old unsecured servers that were run by Epic to redirect these viewers. So what they would do is they’d go into a forum and say, hey, buy or, or Fortnite you can get this new gun, costume, whatever. Click on this link, sign up now and you can get this cool new, awesome Fortnite gadget. Well, when you clicked on that link, you hit one of Epic servers and then got redirected into the hackers area and they took your, their data and they were able to sign on to people’s accounts, get all this personal information and then purchase things in game and oftentimes resell them to other gamers.
So there was a, an immense amount of fraud that took place according to this class action. And if Epic had just as soon as that, as soon as that security flaw was released last year, fixed it and then notified everybody, hey, this was released, don’t fall for this type of phishing or hacking scheme. They could have really limited the damage that was done to their players. At least that’s what this class action alleges. And unfortunately it didn’t happen that way.
Farron Cousins: We know, we see this in a lot of issues where we have to talk about data breaches and, you know, information leaks and hacks and things like that is that the companies typically don’t want to let people know right away. And part of the reason for that is just because the company has to come out and admit, listen, we screwed up. We had this vulnerability that we did not address, and companies don’t like to do that. They, you know, because it erodes consumer confidence in the company. You know, whether it’s a Fortnite, Yahoo, Facebook, Equifax, all of these things.
If they had just come forward at the time and admitted, listen, we’re not perfect. We had a big screw up, we fixed it. We will do our best to never let it happen again. Here’s what you need to do. But nobody ever does that. Nobody ever takes that responsibility and says, listen, we messed up. We’re going to make it right for you. And as a result, they get popped with these lawsuits and rightfully so because they could have done something about it so much sooner, including warning consumers that had even happened in the first place.
Scott Hardy: Right, and when you, when you have notifications of these data breaches, they know it happened. They should have done a much better outreach to their gamers to better secure and educate their gamers so they don’t fall for these tricks that are used by hackers and password phishers to get access to their accounts. If we saw some, some, some better, you know, really outreach by Epic Games, I think we would have seen less of an impact from that security breach. But either way, you know, it really negatively impacted a lot of Fortnite users. But of course Fortnite is still hugely popular. So maybe Epic is just like trying to move past it here and say this doesn’t happen. Please continue to spend, you know, $1 billion a year on this game.
Farron Cousins: Yeah, and that’s also, you know, another part of the problem is just the fact that games today you, you have to put in your, your card information. You know, you have to buy extra things if you want to be super great at the game and it’s just kind of the evolution of gaming. It is disappointing, but it also again puts consumers at enormous risk. For more information about this issue, if you think you may have been affected, please follow the link in the description of this video, go to topclassactions.com. Get all the info on this as well as plenty of other stories. And of course while you’re there, make sure you sign up for their weekly newsletter. Absolutely one of the best resources in this country for American consumers. Scott Hardy with top class actions. Always a pleasure talking to you.
Scott Hardy: Great talking to you too, Farron, thank you.