part two paper
Fortnite Data Breach 9
Fortnite Data Breach
Dajon Copes
Stevenson University
02/28/21
Epic Games Company is an American company whose headquarter is in Cary, North Carolina. Tim Sweeney founded the company in 1991, and it has grown to have over forty offices globally. The company was formerly known as Potomac Computer systems, which was later changed to Epic MegaGames, Inc. in 1992, and that name was then simplified as Epic Games. The organization is a software and video game developer company, and currently, it is known to be the leading company in providing 3D engine technologies and interactive entertainment. The organization developed Fortnite, which is a video game played online back in 2017. Fortnite video games are availed into three different game modes, which shared the same game engine and game mode: Fortnite Save the World, Fortnite Battle Royale, and Fortnite Creative (Engine, 2008). In this paper, we will first analyze Epic Games' organizational structure and mission. Then we will succinctly discuss and analyze the data breach their Fornite video game experienced in 2019.
Epic Games “Fortnite” Mission and mission-critical system
Epic Games' mission, which is the company that developed the Fortnite video game, is the creation of funs games that people would like to play and then to build the tools and art that are needed to bring those particular games into life. One of the critical systems used by Epic Games in developing Fortnite was the Unreal engine, it was the operating system used in Fortnite development, and Tim Sweeney was the person who developed that operating system. When developing Fortnite Unreal, engine 4 was used in deepening the approach of role-playing so that the life of the game would be extended, and the art style could be switched to more of a cartoonish style instead of a dark theme which was used initially (Games, 2017).
Organization Structure
The company uses a functional organizational structure where the company is divided into functional areas such as finance, marketing, and IT. This company's structure is structured so that all the heads of those departments report to the CEO who is Tim Sweeney. Functional heads of those departments include Joe Babcock (CFO), Kim Libreri (CTO), Tim Johnson (HR director), and Adam Sussman (president). Employees with similar experience and skills usually are grouped in this kind of structure so that workflow can become efficient. The structure's hierarchy is simple to understand, and the employees only have to answer to one manager, hence making it very easy to ensure that each employee is accountable for the kind of decision it has made in a workplace.
Analysis of the Fortnite data breach
In late 2018 the Epic Games Company had experienced a data breach that had affected Fortnite users' accounts. Fortnite had become one of the most popular online video games. It amassed over 350 million users across the world. According to Superdata research firm Epic Games had managed to generate $296 million, which was a revenue they got from Fortnite in April 2018. The data breach that had taken place in accounts of Fortnite users left them with their debit cards or linked credit cards being stolen (Moran et al., 2017). The hackers used the information stolen from the Fortnite users' accounts to make fraudulent in-game purchases; they then sold the accounts. In-game purchases were loaded up in the accounts they sold on the dark web for-profits and accounts for over 200 million Fortnite users had been breached.
Epic Game Company, who were the developers of Fortnite, acknowledged that there was a flaw in the login systems of Fortnite in early 2019. They said that as a result of that flaw, the hackers could impersonate the users of those accounts, therefore giving them the leeway to purchase currency of the in-game using the debit or credit cards found in those accounts. Epic Game Company acknowledged such an occurrence after a cyber-security firm called Check Point had successfully exploited Epic Game's security vulnerability that was old and unsecured. In November 2018, Epic Games were notified about their vulnerability by Check Point, and Epic Games only acknowledged the flaw after two months.
The hacking took place when the cybercriminals sent phishing emails with fake logins to the many Fortnite users who ended up clicking those links sent, and token technology was later used in hacking their accounts. Check Point researchers concluded that the webpage which was created in 2004 was the one that gave the hackers a small window of opportunity for hacking the accounts of the Fortnite users. The web page was open to attacks such as cross-site scripting, especially when a malicious code was injected into the website. The page that was compromised had a URL of Epic Game, making it even more difficult for the users to suspect that something malicious was going on.
The reason hackers attacked the Fortnite video game because that video had gained a popularity that was immense and skyrocketing every year; with over 350 million players globally, the game became a very target lucrative for cyber-criminals. Hackers were found to score millions of dollars annually by selling Fortnite accounts comprised in different underground forums such as the dark web. After researchers had tallied several low-end and high-end Fortnite accounts in sales auctions for three months, they found that the average sales of Fortnite high-end accounts every week were found to be $25000, which was estimated to be around $1.2 million every year (Cai et al., 2019).
According to Night Lion security researchers, the black market for selling and buying Fortnite accounts that were stolen was found to be very lucrative and expensive. Fortnite accounts value was found to centralize around in-game character "skin," which was a digital costume; V-Bucks was the Fortnite currency used by the players of Fortnite video game the in-game accessory. The skin was very rare, and it was worth a lot. It was found to be the most valuable, with an average of approximately $2500 for each account. The Fortnite accounts were mostly hacked through password cracking and brute force, and the most known underground password cracker used for hacking was referred to as "DonJuji." According to reports, Fortnite high-end cracking tools averaged between 15000-25000 checks every minute, and in seconds the rough estimates of account cracking were found to be 500.
The underground marketplace for Fortnite accounts was found to be very organized, and they even had return policies and customer services. Community Checkup, which consists of five "judges," are the ones tasked with overseeing all the activity taking place in the underground market for Fortnite accounts so that they can keep track of buyers, sellers, and scammers who may decide to break the bylaws of that community (Schöber & Stadtmann, 2020). Generally, the video game industry was very profitable in the underground market, and those were some of the reasons hackers decided to hack into the Fortnite users' accounts.
Financial damage
As a result of the Fortnite video game's data breach, a lawsuit action was being formed against Epic Games. Franklin D Azar & Associates (FDAzar), a U.S law firm, was preparing the lawsuit. It had launched a campaign where it requested all the Fortnite users who had been affected by the breach to call them and join them in strengthening the lawsuit against Epic Games. The lawsuit was to seek injunctive relief and monetary damages on behalf of Fortnite users whose accounts had been compromised. During the lawsuit, the claim against Epic Game was that a person was only allowed to be part of the lawsuit if he or she had a Fortnite account. The debit or credit card that was linked to that account had incurred charges without authorization. Over 100 people were part of the lawsuit.
The financial damages that Epic game had due to Fortnite users' accounts' hacking were very high since the company also received two class-action lawsuits from different clients who used their services. As a result of the data breach, the players who paid for fraudulent charges that had appeared in their debit and credit cards linked to Fortnite ensured that they canceled the credit and debit cards linked with their Fortnite accounts. This meant that Epic Game ended up losing a lot of income since customers shy away from buying some of the services they offered, such as V-Bucks. The underground market where Fortnite accounts were sold prevented Epic Games from realizing their full revenue since the hackers who cracked the passwords of their players sold the skin at very high prices at the expense of Epic Games.
The data breach that occurred in late 2018 made Fortnite revenue for Epic Game to drop by 25%. This was seen because in 2018, it had a revenue of $2.4 billion, and in 2019 it dropped to $1.8 billion (Moritz et al., 2020). As much as that was still a lot of money, Fortnite was a top-rated video game, and the fact that its revenue dropped by a whopping 25% sent a very bad signal to Epic Game. The most worrying trend during that year (2019) is that the digital spending in video games was reported to have reached its peak during that year, with a total of $109 billion was reported to have been spent in digital games. This meant that the data breach experienced by Fortnite led to a significant loss of revenue, especially in a year in which Fortnite, which was the most popular game worldwide, was expected to scope the high number of profits, as a result of the high rate of spending in digital video games services. The financial damage that the data breach had left to Epic Game was very worrying since the fear of the data breach occurring again was something some of their clients were worried about. If proper security mechanisms were not put in place, the cybercriminals would strike the game company again.
To conclude, Epic Game was a company that was very strategic in terms of its game development since it gave the users some of the experiences they longed for when it came to the gaming industry. The organizational structure of Epic Games is simple and straight-forward since it ensured that employees were categorized according to the levels of their ability, and that made them give out maximum output. The data breach that Epic Games experienced through their video game Fortnite showed that the game industry was very attractive, especially to cyber-criminals. It also showed how weak security mechanisms were put in place by Epic Game to ensure that their clients' data are 100% safe. The hackers seemed to have identified some of the strategies of cracking passwords of Fortnite players without them even noticing that their passwords were hacked.
This showed how much cyber-security was something that a business should take very seriously, especially when dealing with clients' data, which also had their credit and debit information. As a recommendation, Fortnite should opt to adapt to the usage of a cloud infrastructure, where they will give a third-party the right to protect their clients' data. This would help since many cloud providers have invested a lot of money in cyber-security. They are continually coming up with new ways of detecting cyber-attacks even before they occur.
References
Cai, J., Wohn, D. Y., & Freeman, G. (2019, October). Who Purchases and Why? Explaining Motivations for In-game Purchasing in the Online Survival Game Fortnite. In Proceedings of the Annual Symposium on Computer-Human Interaction in Play (pp. 391-396).
Engine, U. (2008). Epic Games Inc.
Games, E. (2017). Inc. Unreal Engine 4. Internet: https://www. unrealengine. com/what-is-unreal-engine-4,[May 10, 2017].
Moran, G., Clausen, M., Libreri, K., Wilson, J., Harris, A., Ellis, P., ... & Kladis, B. (2017). Fortnite: from husk till dawn!. In ACM SIGGRAPH 2017 Computer Animation Festival (pp. 10-10).
Moritz, K. H., Schöber, T., & Stadtmann, G. (2020). Product differentiation in video games: A closer look at Fortnite's success (No. 419). Discussion Paper.
Schöber, T., & Stadtmann, G. (2020). Fortnite: The business model pattern behind the scene. European University Viadrina Frankfurt (Oder) Department of Business Administration and Economics Discussion Paper, (415).