What You Need to Know About the Fortnite Breach

April 12, 2022

Table of Contents

The Fortnite breach exposed millions of credit card and personal banking details, potentially putting your data privacy at risk. 

Fortnite is made by Epic Games Studio and it is one of the most popular games on the planet, however, this game had a hard time before it saw the light of day. It was long ago when Fortnite was officially revealed in 2011 at the Spike Video Game Awards as a free game.

It was revealed as a base-building game where you build forts with the resources you are gathering and then fight the oncoming waves of enemies. The man who introduced this game to the world was Cliff Bleszinski who later left the studio to retire for a short period.

The data breach they suffered in 2018 rocked the industry.

Why Fortnite Matters: It’s Got Millions of Players

This game was growing as time was passing and now they have like 350 million players. The biggest peak for this game was in the 2018-2019 period when they welcomed an enormous number of players joining their game, however, from that time until now those numbers are still going up but with a slower tempo than before.

Since we mentioned the period between 2018 and 2019 you should know that Fortnite had a rough time in that period because they experienced a data breach in which many Fortnite users lost their account information related to Fortnite account.

If we know that hundreds of thousands or even millions of children play Fortnite, it is alarming to learn that their parents’ cards are linked to their user accounts.

Today we are going to talk about the biggest data breach that hit Fortnite.

Fortnite Data Breach in 2018

More experienced gamers probably know that data breaches can happen to almost any game, this kind of problem happened to Epic Games in 2018 when they experienced a data breach related to their Fortnite accounts.

Hackers attacked the Epic database and manage to steal an enormous number of accounts. Many of those accounts had a credit or debit card linked to their account and they were used to make fraudulent purchases that happened in-game.

After the process was done hackers then sold those accounts loaded with purchases made from the game on the dark web or other similar sites.

How did this Data Breach happen?

Epic Games creators of the Fornite game released a statement on 16.01.2019 informing people there was a flaw in their login system that allowed hackers to enter a big number of accounts. After they stole those accounts they impersonate players and made in-game purchases (purchase in-game currency) with the credit or debit card linked to these accounts.

At that time there was a cybersecurity research company named “Check Point” that managed to exploit a security problem on an old unsecured page that was operated by Epic Games but with very low security.

This company tried to notify Epic Games in November 2018 about the security vulnerability, however, they didn’t want to admit their problem for nearly 2 months period after which Epic Games acknowledged the flaw.

By the end of 2018, the data breach happened but Epic Games didn’t release a statement on how many accounts were affected by this attack. At that time Fortnite had an estimated 200 million registered users and many statistics show that a large percentage of those accounts were hacked.

A Bleeping Computer report tried to illustrate the whole hacking process, saying that users were redirected from Epic Games standard login page to an old and unsecured Epic Games page where their login information was stolen through injected JavaScript Code.

There was a report on BBC that those hackers were paid thousands of British pounds a week just to hack Fortnite accounts. After they hacked those accounts they went to resell them online.

The response from Epic Games

After this data breach happened in response to this Epic Games posted an “Account Security Bulletin” that was placed in the “What Are We Doing To Help” section on Epic Games website saying:

“At Epic, we’ve been working hard to try to hunt down password dumps in order to proactively reset passwords for player accounts when we believe they are leaked online. While this approach involves a lot of manual work on our side, we believe that it prevents a significant amount of fraud. However, this approach doesn’t find every impacted account, or you might have created your Epic account after we checked a particular password dump.

As a result, we’re working to further automate our process to check our account database against password dumps to close the gap in identifying impacted users and resetting their passwords. We’ve also enabled multi-factor authentication, which provides players with additional security options.”

This statement was released but affected Fortnite players that suffered big losses and had fraudulent charges made on their credit or debit cards and had to take additional security steps.

To protect themselves and to minimize the risk of future possible data breaches, they first made class action against Epic Studio and had to change their account passwords and cancel credit or debit cards associated with their Epic Games/Fortnite accounts.

What was worst, all these players had no guarantee that security measures taken by Epic Games will be able to protect them, especially because Epic Games was very quiet about the whole situation.

Most of the players requested answers and had an ongoing interest in ensuring that their private information is protected from past breaches and future cybersecurity threats. There was a class-action lawsuit settlement for any player that used the in-game currency with their credit card in their Fortnite account between 2015 and 2021.

The legal battle between Google and Epic Studio

Another situation worth mentioning was the legal battle that happened between Google and Epic studio in August 2020 after Epic studio decide to move to circumvent platform fees that made them receive a direct payment option in Fortnite, which lead to cutting their in-app purchases and game’s removal from App Store and Google Play.

Google came out with a statement regarding this situation.

“Epic breached these provisions of the DDA on August 13, 2020, by activating its external payment system through a hotfix in Fortnite designed to bypass Google Play Billing,” its suit reads.

“As a direct result of Epic’s breach of contract, Google has suffered an injury, including the loss of the DDA’s ‘service fee’ on a global basis, and the Google Play ecosystem has suffered an injury because the hotfix potentially exposed a security vulnerability that could be exploited for even more nefarious purposes.”

The Fortnite Data Didn’t Survive the Storm in 2018

This is certainly a famous data breach and it is known mostly because it affected a big number of people who play Fortnite. Epic Games today are still keeping Fortnite as one of the most popular games even in 2022.

Hacking days seem to be long gone but you can never relax and go with the flow. Those attacks are a constant threat and all these companies have to keep their security level on a high.

Fortnite is not the only game that had Data Breach and was attacked by hackers, there are a million examples of similar situations and cases. We present them to you so you can be informed and take care of your accounts no matter if they are gaming accounts, social media accounts, or something else, they all keep the personal information that needs to be secured.

Looking for more info on famous breaches? Check out our article on the Heartland Payment Systems Scandal here.


Free Mugshot Removal Analysis

  • By providing your contact information, you consent to receiving regular text message/email and phone communication from Erasemugshots.com
  • 100% Satisfaction Guaranteed

Table of Contents

Request Free Mugshot Removal Analysis

  • By providing your contact information, you consent to receiving regular text message/email and phone communication from Erasemugshots.com

erase mugshots red logo

100% Satisfaction Guaranteed

We offer a total mugshot removal solution to remove your mugshot and arrest details from the internet once and for all.