Players of the popular game Fortnite Battle Royale could be on the hit list of hackers who reportedly infiltrated the email accounts of an estimated 800,000 users two years ago.
Danny Jenkins, CEO and cybersecurity chief with Orlando based Threatlocker, told News 6 the users of the popular Epic Games video game are starting to see the consequences of that data breach.
A News 6 editor received an email alert from Epic Games last week, advising him that there were “a series of unsuccessful login attempts,” on his account.
The message advised him to enable two-factor authentication.
Fortunately for him, the News 6 employee, who asked not to be identified, said he didn’t have a credit card in the system, something most players use to enhance their on-screen persona on the Fortnite battlefield.
According to Jenkins, Fortnite gamers have noticed mystery credit card purchases for V-Bucks, the currency used to purchase items that enhance the look of the players.
The game is free, but the purchase of V-Buck bundles, as high as $99, brought In profits of $223 million in March alone, according to Epic Games.
Jenkins said he is convinced the personal information attached to the accounts is the real target for the hackers.
He believes the information is sold on the darknet, to set up new credit card accounts.
“Whenever you sign up for one of these games online and you put your credit card information in there, you’re essentially leaving yourself open to their security, “Jenkins said.
Jenkins said the 2016 breach probably happened because a patch or an update wasn’t installed on the gaming system, two years later consequences of the hacks and attempted hacks are arriving.
“If they have good security and their systems are sound that’s great, but if they don’t you’re vulnerable to be breached” Jenkins said.
“The Epic Games Support structure is changing to better accommodate the growing population of players," an Epic Games spokesperson said in an email to News 6. "Direct Support is centered around account and purchasing issues.”
According to Jenkins, Epic has always maintained that only email information was “leaked” not credit card data.
Jenkins said imposter or counterfeit emails that appear to be from Epic have also been reported. He advised anyone who gets one of those messages to go to the website, not the link provided in the email.
“Quite often, the links that you click on do not go to the vendor site," Jenkins said. “If it’s legitimate you’ll be able to go to the same place just logging into their main website.”
Some measures gamers can take to protect their accounts include: change their password, don’t list personal information like a mother’s maiden name, use virtual credit cards, never click the link on an unfamiliar email and finally, don’t wait to be hacked to start being proactive.
Consumers can check to see if their email accounts have been compromised here.