Epic Games is facing a sizable challenge with its users, after a number of Fortnite players discovered cybercriminals had breached their game accounts and run up tabs worth hundreds of dollars.
On Monday afternoon, for example, a player that goes by the name Darksplinter stated on Reddit:
So no idea how this happened, I don't click on stupid links that are shady. I never save my payment options to accounts but I must have accidentally saved it. Bought the standard save the world in February and I play it off and on with friends. Today I get emailed thanking for my purchases. Someone upgraded my standard to deluxe and then deluxe to ultimate, so that's $200 gone and well I kind of need that for my car payment.
Epic Games has issued some refunds, according to a smattering of Fortnite players on Reddit and the Fortnite forum board. Additionally, the company has also weighed in on the issue.
"We are aware of instances where users' accounts have been compromised using well-known hacking techniques and are working to resolve these issues directly with those players affected," Epic Games said in a statement to Kotaku.
The game publisher recently posted a noticeon its website, acknowledging the breach and offering steps users should take. According to its statement:
We've seen several instances of account theft and fraud related to websites that claim to provide you free V-Bucks or the ability to share or buy accounts. Please never share your Epic account details with anyone. Epic will never ask you for your password through email, social media, or a non-Epic website. Groups claiming to provide special Fortnite deals this way are fraudulent.
At Epic, we've been working hard to try to hunt down password dumps in order to proactively reset passwords for player accounts when we believe they are leaked online. While this approach involves a lot of manual work on our side, we believe that it prevents a significant amount of fraud. However, this approach doesn't find every impacted account, or you might have created your Epic account after we checked a particular password dump.
As a result, we're working to further automate our process to check our account database against password dumps to close the gap on identifying impacted users and resetting their passwords. We're also working hard to enable multi-factor authentication in the next few weeks and plan to have an additional blog post with more details soon.
Got game? Cybercriminals do
According to a global surveylast year by Kaspersky Lab, 53% of survey respondents acknowledged they play online games.
Additionally, of the 17% of survey respondents who have experienced or been a target of an attack, 16% had their gaming accounts breached, according to the study.
Hacking gaming accounts, for example, can yield $1 per account, so it's potentially lucrative for cybercriminals to hack and sell online game accounts in mass, the report states.
— Dawn Kawamoto is an award-winning technology and business journalist, whose work has appeared in CNET's News.com, Dark Reading, TheStreet.com, AOL's DailyFinance and The Motley Fool.