Dozens of Fortnite players say hackers have infiltrated their accounts. Over the last month, players have noticed fraudulent charges of up to hundreds of dollars on their Epic Games accounts. Epic says it's aware of the problem and is working to resolve it.
Tyler, who plays Fortnite Battle Royale, says he received a text message from a gaming friend last week asking if he'd purchased the Fortnite base game, Save the World. "He saw my account online in that game mode," Tyler told me. But Tyler had not purchased Save the World or logged in for the last 24 hours. Shortly after the text, Tyler received email receipts for purchases of $US149.99 ($191) and $US99.99 ($127). He said that his account password had not changed, so he has no idea how hackers took control of his account. However, his card data was saved in his Epic Games profile. Tyler received refunds afterward, according to screenshots seen by Kotaku.
Over the last few weeks, dozens of other players have complained on Reddit and on Epic Games' forums that their accounts have been compromised, too. One says they haven't played Fortnite Save the World in four months, but were charged $US210 ($267) for two purchases. Some purchases were for Epic Games' V-Bucks, in-game currency. Others were for expansions, cosmetics or the Fortnite Save the World base game. Descriptions for several purchases were in Russian and read "improvement from the standard", "Founder's Set" and "improved set".
Reached by email, an Epic spokesperson told Kotaku, "We are aware of instances where users' accounts have been compromised using well-known hacking techniques and are working to resolve these issues directly with those players affected. Any players who believe their account has been compromised should reach out to our player support immediately."
Epic Games recently added an option to enable two-factor authentication on players' accounts, which is always a good idea no matter what you're doing online. The developer also posted a security checklist for players concerned that their accounts could be vulnerable.