Fortnite Breach Suit Highlights Video Games' Oversized Cyber Vulnerabilities
The cyber threats faced by the video game industry are likely higher than those faced by others, while the industry's liabilities are unique as well. Games platforms popular with children, for instance, may fall under the Children's Online Privacy Protection Act.
August 19, 2019 at 11:30 AM
4 minute read
Fortnite video game developer Epic Games Inc. isn't just dodging digital adversaries—now it's being slammed with a class action lawsuit over a data breach. Lawyers said that, while cyberattacks faced by the video game industry aren't unique, hackers are incentivized to strike high-profile games and target their in-game assets.
A lawsuit filed in the U.S. District Court for the Eastern District of North Carolina is based on cybersecurity firm CheckPoint's January announcement that hackers breached Epic Games users' accounts and had access to their passwords, credit and debit card information, and other personally identifiable information.
In the class action suit, Epic Games is accused of failing to provide timely notice of the data breach, not exercising "due care" in the collection, storage and safeguarding of users' information and other accusations.
Colorado law firm Franklin D. Azar & Associates is seeking more than $5 million in damages and said there are over 100 class members. Epic Games did not respond to a request for comment by press time.
According to CheckPoint, hackers exploited vulnerabilities in Epic Games and sent a phishing link to Fortnite players. Once the link was clicked, the attackers were able to access users' PII and make unauthorized purchases of "v-bucks," Fortnite's virtual currency.
Phishing is a common cyberattack that targets many industries, and such attacks in online video games isn't surprising, lawyers said.
"If we are seeing cybersecurity issues in all industries, from retail to places that you don't think of as focused on the electronic sphere, then it's no surprise it's more concentrated in a new and strongly technology-based industry," said Carlton Fields associate Nicholas Brown.
Indeed, while hackers target data held by any industry, they may be incentivized by some video gamers' lax cybersecurity stance.
"I don't think there's anything absolutely unique to the video game industry, but the nature of the industry and, more importantly, the users and communities they work in makes them very susceptible," said Robert Braun, a Jeffer Mangels Butler & Mitchell partner. "It's a community, and there's a sense that people are comfortable in their community and let down their guard."
Braun said that ease can lead to users reusing passwords across different platforms and malicious code appearing in updated or pirated games. Plus, hackers are motivated to acquire in-game purchases for popular videos. "There are a few things that are common to the gaming industry that makes them a target, and there's a lot of money out there," he said.
Indeed, Fortnite players are also earning and spending big bucks. For instance, a Pennsylvania teenager recently won $3 million in a Fortnite world championship. Meanwhile, some platforms sell 1,000 v-bucks for roughly $10, while Fortnite "skins" (character outfits) can range from 800 to 1,500 v-bucks.
While video game companies and game streaming platforms like Amazon's Twitch or Microsoft's Mixer may pocket significant cash from digital assets bought through their platforms, lawyers warn that they could fall under the Children's Online Privacy Protection Act's scope and face significant penalties for noncompliance.
"I think those platforms, knowing COPPA could apply to them, they only allow certain users to have an account to process and collect their information without having COPPA apply to them," said Carlton Fields associate Steven Blickensderfer. He added, "What you'll find is these organizations are screening and have users that are above a certain age."
Blickensderfer also noted there could be significant penalties if the Federal Trade Commission finds a company isn't COPPA-compliant.
Indeed, earlier this year short-form video platform TikTok agreed to a record $5.7 million settlement for COPPA violations, while Google's YouTube is reportedly being investigated over child privacy claims.
Braun said COPPA's scope also could extend to video game streaming platforms.
"When you have a site like Twitch that is very attractive to young people and someone under 13, I wouldn't see why it wouldn't be covered by COPPA," he said. He noted such platforms aren't immediately liable, but the FTC has published steps outlining how to deal with children's information.
While the FTC offers guidance regarding child data privacy, Braun asserted that the online video game industry's biggest hurdle is balancing cybersecurity and access.
"They have a challenge: It's providing a service that is very open and intended to be open and multiuser," he said. "It makes implementing security a challenge, because the more open a system is the easier it is to gain access."
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Red Tape, Talent Wars & Pricey Office Space Greet Firms Entering Saudi Arabia
- 2A Funny Thing Happened on the Way to Becoming Clerk of the Forum
- 3Pa. Supreme Court Taps New Philadelphia Family Division Administrative Judge
- 45th Circuit Rules Open-Source Code Is Not Property in Tornado Cash Appeal
- 5Mediators for the Southern District of New York Honored at Eighth Annual James Duane Awards
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
