Cyber Incident Victim: Epic Games

In March 2018, reports emerged of unauthorized access to player accounts for the popular video game Fortnite, developed by Epic Games. The incident involved compromised accounts linked to fraudulent credit card charges for unauthorized in-game purchases. Fortnite, a multiplayer survival game available on Xbox One, PlayStation 4, Windows PC, and Mac platforms, allowed players to collect resources and engage in combat. Epic Games publicly acknowledged the account compromises, attributing them to attackers using "well-known hacking techniques." The company directed affected users to contact its player support team for assistance but did not disclose the number of impacted accounts or specific technical details about the breach methodology. Players reported financial losses from unauthorized transactions tied to their stored payment methods.

Security researchers highlighted broader industry risks, with Kaspersky Lab's principal researcher David Emm noting that gaming accounts were frequently targeted due to weak user security practices. Kaspersky's research indicated only 5% of users prioritized strong passwords for gaming accounts, with many reusing credentials or employing easily guessable passwords across multiple services. The incident underscored the financial motivation behind such attacks, as compromised accounts enabled fraudulent purchases of in-game items. Epic Games did not publicly confirm whether the attacks involved phishing, credential stuffing, or other specific vectors. No evidence suggested platform-level vulnerabilities in Fortnite's infrastructure as the root cause. The company's response focused on user-driven account recovery rather than systemic security changes at the time of initial reports.