Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Fortnite video game developer Epic Games Inc. isn't just dodging digital adversaries — now it's been slammed with a class action lawsuit over a data breach. Lawyers said that, while cyberattacks faced by the video industry aren't unique, hackers are incentivized to strike high-profile games and target their in-game assets.
A lawsuit filed in the U.S. District Court for the Eastern District of North Carolina is based on cybersecurity firm CheckPoint's January announcement that hackers breached Epic Games users' accounts and had access to their passwords, credit and debit card information, and other personally identifiable information.
In the class action suit, Epic Games is accused of failing to provide timely notice of the data breach, not exercising "due care" in the collection, storage and safeguarding of users' information and other accusations. Heidbreder v. Epic Games Inc., 5:2019cv00348.
Colorado law firm Franklin D. Azar & Associates seeks more than $5 million in damages and said there are over 100 class members. Epic Games did not respond to a request for comment when this article was written.
According to CheckPoint, hackers exploited vulnerabilities in Epic Games and sent a phishing link to Fortnite players. Once the link was clicked, the attackers were able to access users' PII and make unauthorized purchases of "v-bucks," Fortnite's virtual currency.
Phishing is a common cyberattack that targets many industries, and such attacks in online video games isn't surprising, lawyers said.
"If we are seeing cybersecurity issues in all industries, from retail to places that you don't think of as focused on the electronic sphere, then it's no surprise it's more concentrated in a new and strongly technology-based industry," said Carlton Fields law associate Nicholas A. Brown.
Indeed, while hackers target data held by any industry, they may be incentivized by some video gamers' lax cybersecurity stance.
"I don't think there's anything absolutely unique to the video game industry, but the nature of the industry and, more importantly, the users and communities they work in makes them very susceptible," said Robert Braun, a Jeffer Mangels Butler & Mitchell partner. "It's a community, and there's a sense that people are comfortable in their community and let down their guard."
Braun said that ease can lead to users reusing passwords across different platforms and malicious code appearing in updated or pirated games. Plus, hackers are motivated to acquire in-game purchases for popular videos. "There are a few things that are common to the gaming industry that makes them a target, and there's a lot of money out there," he said.
Indeed, Fortnite players are also earning and spending big bucks. For instance, a Pennsylvania teenager recently won $3 million in a Fortnite world championship. Meanwhile, some platforms sell 1,000 v-bucks for roughly $10, while Fortnite "skins" (character outfits) can range from 800 to 1,500 v-bucks.
While video game companies and game streaming platforms like Amazon's Twitch or Microsoft's Mixer may pocket significant cash from digital assets bought through their platforms, lawyers warn that they could fall under the Children's Online Privacy Protection Act's (COPPA) scope and face significant penalties for noncompliance.
"I think those platforms, knowing COPPA could apply to them, they only allow certain users to have an account to process and collect their information without having COPPA apply to them," said Carlton Fields associate Steven Blickensderfer. He added: "What you'll find is these organizations are screening and have users that are above a certain age."
Blickensderfer also noted there could be significant penalties if the Federal Trade Commission finds a company isn't COPPA-compliant.
Indeed, earlier this year short-form video platform TikTok agreed to a record $5.7 million settlement for COPPA violations, while Google's YouTube is reportedly being investigated over child privacy claims.
Braun said COPPA's scope also could extend to video game streaming platforms.
"When you have a site like Twitch that is very attractive to young people and someone under 13, I wouldn't see why it wouldn't be covered by COPPA," he said. He noted such platforms aren't immediately liable, but the Federal Trade Commission (FTC) has published steps outlining how to deal with children's information.
While the FTC offers guidance regarding child data privacy, Braun asserted that the online video-game industry's biggest hurdle is balancing cybersecurity and access.
"They have a challenge: It's providing a service that is very open and intended to be open and multiuser," he said. "It makes implementing security a challenge, because the more open a system is the easier it is to gain access."
*****
Victoria Hudgins is a reporter for Legaltech News, an ALM sibling of Entertainment Law & Finance, where she covers national and international legal tech innovations and developments. She can be reached at [email protected].
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.