Fortnite developer Epic Games is facing a class-action lawsuit.

A flaw in the game’s login system was recently discovered to have potentially compromised the personal information of thousands of consumers with Epic Games accounts.

The US-based law firm Franklin D. Azar & Associates is seeking players who were affected by the data breach because they have a claim. The firm charges that affected players had received suspicious charges on their Epic Games account through a linked card that was not authorized.

The breach was initially discovered by a cybersecurity firm Check Point Software Technologies. Check Point stated that the breach made it possible for hackers to access dozens of Epic Games accounts and purchase in-game items, without having to verify if they are the actual account holders. Hackers have been able to do this by exploiting Epic’s sub-domains which means that they would not even require a password to access these accounts.

Epic did release a statement addressing the exploit and fixed it, but it took time. According to Azar, it took two months for them to address the situation even after it was discovered by Check Point. They also have not disclosed how many accounts were affected by this exploit and what steps they are taken to protect their users.

“Fortnite users have no guarantee that the above security measures will in fact adequately protect their personal information,” the claim says. “Fortnite users therefore have an ongoing interest in ensuring that their personal information is protected from past and future cybersecurity threats.”

Polygon has reported that “more than 100 class members” have now become attached to Azar’s law suit.

Now while it hasn’t been specified it is possible that Epic could also be fined under the European Union’s General Data Protection Regulations as many of the games players do live in Europe. The maximum fine for a GDPR violation 20 million Euros.

Epic has previously come under fire from critics for reports of brutal crunch time business practices and has been one of the many companies to be interrogated by government entities regarding micro transactions. Epic’s marketing director Matt Weissinger recently testified before a UK parliamentary panel that his company did not feel that their games were addictive.

If you believe that you or someone you know has been affected by this data breach, you can click here to join the class-action lawsuit

What do you think of this news? Were you affected by this data breach? Let us know in the comments below!