[BreachExchange] Tencent-backed Epic Games faces class-action lawsuit over data breach

Destry Winant destry at riskbasedsecurity.com
Wed Aug 14 10:37:21 EDT 2019


Tencent-backed developer Epic Games is facing a class-action lawsuit
after a data breach allowed hackers to access data from millions of
its users.

Why it matters: The breach affected players of “Fortnite,” which
gaming and social media giant Tencent brought to China prior to a
government freeze on game approvals in the country last year.

Epic Games acknowledged the vulnerability in January, saying that
millions of users may have been affected.
In 2013,  Tencent bought a 40% stake in US-based Epic Games for $330 million.

“Affected Fortnite users have suffered an ascertainable loss in that
they have had fraudulent charges made to their credit or debit cards
and must undertake additional security measures.”

—Franklin D. Azar & Associates, which filed the class-action suit in
North Carolina, US

Details: Researchers at US-based cybersecurity intelligence firm Check
Point discovered a number of vulnerabilities in Epic Games’ online
platform late last year. They said the weaknesses may have allowed
hackers to take over user accounts, access personal data, and purchase
in-game virtual currency V-bucks.

- More than 100 people are class members in the lawsuit, according to
Franklin D. Azar & Associates.
- The law firm said that Fortnite users have no guarantee that
measures Epic Games took following the breach, which includes password
resets multi-factor authentification, would adequately protect its
- It also said that Fortnite users have an ongoing interest in
ensuring that their personal data is protected from cyberattacks in
the past and the future.
- Franklin D. Azar is now seeking other Fortnite users who have
noticed unauthorized charges on bank cards linked to their accounts.

Context: The gaming industry is an attractive target for hackers, due
to the wealth of data created and the exchange of fiat to in-game

Chinese state-backed hackers Advanced Persistent Threat 41 were
recently found expanding beyond espionage, targeting the video game
industry for financial gain.

More information about the BreachExchange mailing list