The wildly popular video game Fortnite has provided fertile grounds for interesting legal claims.  For example, there have been lawsuits over the ownership of in-game dances such as The Carlton, the Floss and the Milly Rock (ask any child over five to demonstrate, if you’re not familiar with these dances) and litigation over an alleged “predatory scheme” involving in-game “loot boxes.”

Given its popularity (Fortnite has at least 80 million registered users), the game is also a tempting target for hackers, as is shown by a Fortnite data breach from 2018 that led to a recent class action lawsuit. The breach provides yet another cautionary tale about the need to remain constantly on guard, raising issues about phishing, social logins (for example, using your Facebook account to log into a third party site), and concerns over collection/storing/securing personal and payment information. The vulnerability that led to this breach involved hackers sending phishing links, that came from a valid but compromised site for the game, through social media networks. If the victim clicked on the link, even without separately entering any information, the hacker could gain access to or takeover the Fortnite account, view personal information, use stored payment cards to make in-game purchases and listen to the users’ friends’ in-game conversations. Of course, the concerns over this breach are even greater because many of Fortnite’s users are children.

While attacks are inevitable, attentive and observant users may reduce the severity of their injuries or limit the damages they sustain. Tips include:

  • Remain cautious of suspicious emails, messages and links.
  • Social logins may simplify the login process, but also present the risk of additional vulnerabilities. Separate, unlinked accounts with unique passwords that present more of a hassle in the short term, but may limit your exposure to a breach.
  • Be guarded with the personal information you (and your children) provide for accounts.
  • Closely monitor credit and bank activity; consider having a separate credit card for stored payments.
  • When available, consider using two part authentication.

Here, an ounce of prevention is certainly worth a pound of cure.

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact a member of our Privacy & Data Security team.