Fortnite Data Breach


There are around 350 million registered Fortnite users across computer, console, and mobile platforms. So, this was an incredibly significant data breach. This page explains how the Fortnite data breach happened. 

What happened in the Fortnite data breach?

In January 2019, it was revealed that Fortnite – a popular video game – had been hacked. Epic Games, which developed and operates Fortnite, admitted that usernames, passwords, email addresses, and the credit and debit details of 50,000 users were compromised in the data breach.

The Fortnite data breach was possible due to a login vulnerability. To make matters worse, Epic Games failed to inform affected users about the security breach in a timely manner. As a result, these users were left unprotected for longer than was necessary.

In August 2019, a class-action lawsuit against Epic Games was filed in the US. The action claimed that Epic Games had failed to notify users in a timely manner and didn’t properly safeguard users in the first place. However, this lawsuit was dismissed in late 2019. 

You might have been compromised by the Fortnite data breach if: 

The Fortnite data breach was a result of poor security measures

The Fortnite data breach stemmed from its single sign-on (SSO) setup, which allowed users to log into multiple services via an account such as Cas Epic Games, Xbox, or Google. Once logged into this third-party account, users could then access their Fortnite account via a digital token.

Hackers managed to manipulate this vulnerability and purchase in-game Fortnite currency without the permission of the account holders. Hackers also used this information to steal player accounts. Some of these stolen accounts, once loaded up with in-game currency purchased fraudulently, were sold on the dark web.

Because Epic Games failed to maintain adequate security measures, many Fortnite users were put at risk of fraud and theft. And the failure to inform these users about the security breach in a timely manner meant they were left unprotected for longer than was necessary. This is a clear breach of trust and data protection laws.

As a result of the Fortnite data breach, many people lost out financially as their credit or debit card information was linked to their hacked Fortnite account.

Fortnite data breach timeline

  • November 2018
    A data breach exposed the personal details of Fortnite players. Check Point, a cybersecurity research firm, altered Fortnite to the vulnerability
  • January 2019
    Fortnite publicly acknowledged that it had suffered a data breach.
  • August 2019
    A class action against Epic Games was announced in the US. This was later dismissed.