At the end of last year, cyber security specialists at Sixgill told KitGuru that Epic Games’ lack of security was allowing criminals to pinch Fortnite accounts and effectively launder money. Despite catering to an entire store now, it seems as though the company is still lacking in this area as affected players continue to come forward.
Redditor andro-bourne took to the PC Gaming subreddit to share their story of a hacked Fortnite: Save the World account, seeing $205 siphoned from their attached credit card in May, 2018. After retrieving the account through the usual password recovery system and removing payment details, their attempts to rectify the situation with Epic Games was met with silence.
After three days of no response, andro-bourne issued a chargeback with their bank. Epic Games immediately responded following this, permanently disabling the account in order to “protect” the user with no means of recovery or reactivation. This rubs salt in the wound, given that the user was dealing with the paid Save the World version of Fortnite rather than its free-to-play Battle Royale counterpart, but even the latter would see many microtransactions lost if it were the alternative.
Overall, this highlights fundamental flaws within Epic Games current system. While it has introduced improvements since mid-2018 such as two-factor authentication (2FA), its support seems almost non-existent. Users can interact with the company via the ticket submission system, which was largely ignored in this case, via email or its web contact. This certainly draws attention to the Store’s lack of features, particularly the absence of its own forums.
This should have been a priority case when dealing with the security of a user’s details and funds on their account. There should also have been alternative measures implemented before the automatic shutdown, especially when the user has already done most of the legwork in retrieving the account, removing the credit card and highlighting the specific payments. Users should not be made to feel like they will indefinitely lose their account when trying to retrieve their stolen money.
KitGuru Says: Hopefully Epic listens to stories like these and begins to bolster security. In the meantime, everyone using the store should activate 2FA and do their best not to keep credit card details saved to the system. Have you been affected by Epic Games’ security or support?