Alex Birlo on August 11, 2019
Up until now all everyone was focusing on – when it comes to Epic Games – is their business practices and the poor quality of their digital store. But this time major news came up hitting Epic Games from another direction. They are being sued as a result of the quality of their cybersecurity.
Long story short, Epic is facing a lawsuit from a group of individuals that have been affected by security flaw somewhere in the systems of Fortnite that was fixed somewhere in January or are concerned with the security of their accounts in the future.
The lawsuit was filed in by Franklin D. Azar & Associates in U.S. District Court in North Carolina. There are over a hundred members joined up in this class suit and what they blame Epic for is the “failure to maintain adequate security measures and notify users of the security breach in a timely manner.”
So in essence what Epic is accused of is that they did not notify the users personally – by email for example – of the security breach that was found. But also for the fact that this vulnerability existed in the first place.
The loophole was plugged and the company did speak to the press about the issue and apparently, not many people were affected, but the magnitude and the possible undetected consequences are too high to leave it at that.
The story goes this way, in January of this year a website called “Check Point Research” had published an article about how they discovered a “vulnerability in the Epic Games’ sub-domains” that would allow an attacker to receive information about a person’s Fortnite username and password, by simply creating and sending a link that only had to be clicked on by the target of the attack.
The guys at Check Point had first obviously notified Epic about this and they swiftly released a fix for the issue, talked to a couple of gaming news outlets about the problem, thanked Check Point and that’s the end of it.
Only when you think of it, the situation is much more serious than that. Thing is that – the article by Check Point Research states – the exploit existed there for an unspecified period of time before they have discovered it. They also say that it was there at least since 2018 and all the users were exposed to this exploit. That is over 200 million user accounts that could have been hacked for an unknown period of time.
Those who filed the lawsuit have a point there. You cannot take something of that magnitude so easily. At the very least they should have notified the users by an email or an in-game popup that their information might have been compromised and they should maybe change their password. And that information – might I add for a second – is everything including your purchasing data of various sorts, that could enable a hacker to buy things using your money and so much more.
This is another important question because Epic is an extremely big company. It possesses both money and influence, that might allow it to hire an “army of lawyers” to fight this lawsuit just like all the other ones. The only difference here is that there are over a hundred people all joined up in this one lawsuit and their claim has quite enough to go about to be a legit, legal accusation towards Epic.
Epic Game has a lot of “flops” so to say. They became extremely reach, extremely quick and not over a process of multiple successful projects, but over a single game that launched a major trend off of which they are now riding and gaining money.
This puts them in a position of some sort of overconfidence in their abilities. And that, in turn, makes the facts regarding their responsibilities towards those hundreds of millions of players, kind of elude them.
Check Point Research article: https://research.checkpoint.com/hacking-fortnite/