CARY – In a bid to curb individual “Fornite” accounts from being hacked, Epic Games has unveiled new security measures to protect users’ accounts.
Among the planned features: email verification for new accounts, SMS-based multi-factor authentication and “additional detection methods”.
The company has also begun ensuring security of new passwords by comparing them against the Have I Been Pwned “Pwned Passwords list [v4]” before they are applied to an account.
“Epic’s account system detects many forms of account compromises, and we’re working to add new forms of detection,” the Cary-based firm said in the update.
“Throughout 2019, we will be adding additional detection methods to identify attacks and prevent them from succeeding.”
Epic Games hit with cybersecurity lawsuit
The update comes the same month the company was hit with a lawsuit accusing it of being responsible for a “catastrophic cybersecurity vulnerability” in its megahit game, “Fortnite,” exposing around 250 million players to possible identity theft.
First reported by the Triangle Business Journal, the suit filed in Cook County Illinois on April 8 by plaintiff Eric Krohm alleges the “vulnerability” allowed cyber-criminals to make in-game purchases of “Fornite” digital currency, Vbucks, on hacked players accounts. The lawsuit claims the hackers could then resell it on the “criminal black market.”
The complaint also accuses Epic Games of failing to address the situation in a “reasonable” time frame and to notify players, causing Krohm a great amount of anxiety, the suit claims.
However, Epic Games denies the charges.
In a court memo filed April 15, the company filed a motion to dismiss the case for “failure to state a claim”. Through attorney Jeffrey Jacobsen of Kelley Drye & Warren LLP, the company claims Krogn “bases this lawsuit on a purely theoretical data security vulnerability he saw reported in the media, without alleging that his or anyone else’s data was compromised.”
Prior attacks on Epic’s systems
Outside of the suit, however, Epic conceded in its update that there have been attacks on individual Epic accounts.
“This account system has never been compromised. However, specific individual Epic accounts have been compromised by hackers using lists of email addresses and passwords leaked from other sites, which have been compromised,” the company said in the release.
“If you use the same email address and password on Epic as you used on another site which has been compromised, then your account is vulnerable to attack.”
Meanwhile, in 2016, Epic’s vBulletin forums were compromised, revealing forum login credentials, which were then reset.
“Since then, we have upgraded all of our forums to utilize the Epic Games account system,” the company said.