Tencent-backed developer Epic Games is facing a class-action lawsuit after a data breach allowed hackers to access data from millions of its users.
Why it matters: The breach affected players of “Fortnite,” which gaming and social media giant Tencent brought to China prior to a government freeze on game approvals in the country last year.
- Epic Games acknowledged the vulnerability in January, saying that millions of users may have been affected.
- In 2013, Tencent bought a 40% stake in US-based Epic Games for $330 million.
“Affected Fortnite users have suffered an ascertainable loss in that they have had fraudulent charges made to their credit or debit cards and must undertake additional security measures.”
—Franklin D. Azar & Associates, which filed the class-action suit in North Carolina, US
Details: Researchers at US-based cybersecurity intelligence firm Check Point discovered a number of vulnerabilities in Epic Games’ online platform late last year. They said the weaknesses may have allowed hackers to take over user accounts, access personal data, and purchase in-game virtual currency V-bucks.
- More than 100 people are class members in the lawsuit, according to Franklin D. Azar & Associates.
- The law firm said that Fortnite users have no guarantee that measures Epic Games took following the breach, which includes password resets multi-factor authentification, would adequately protect its users.
- It also said that Fortnite users have an ongoing interest in ensuring that their personal data is protected from cyberattacks in the past and the future.
- Franklin D. Azar is now seeking other Fortnite users who have noticed unauthorized charges on bank cards linked to their accounts.
Context: The gaming industry is an attractive target for hackers, due to the wealth of data created and the exchange of fiat to in-game currencies.
- Chinese state-backed hackers Advanced Persistent Threat 41 were recently found expanding beyond espionage, targeting the video game industry for financial gain.