Fortnite developer to pay record sum in fines and refunds to players

Games publisher Epic Games has settled a dispute with the Federal Trade Commission (FTC), agreeing to pay $520m / £428.4m / AU$778m in fines and relief following violations of the Children’s Online Privacy Protection Act (COPPA).

Epic Games, creators of online battle royale Fortnite, will be paying one cash penalty of $275m / £225.8m / AU$411.9m for going against COPPA practices and another sum of $245m / £201.3m / AU$366.9m to be distributed in refunds. This is the “largest penalty ever obtained for violating an FTC rule,” the US watchdog says in its official statement. In addition to the fines, the FTC says Epic Games needs to “adopt strong privacy default settings for children and teens, ensuring that voice and text communications are turned off by default.”

“We accepted this agreement because we want Epic to be at the forefront of consumer protection and provide the best experience for our players,” Epic said in a statement. “Over the past few years, we’ve been making changes to ensure our ecosystem meets the expectations of our players and regulators, which we hope will be a helpful guide for others in our industry.”

The fine print

The lump sum will be collected by the FTC from Epic Games to settle its dispute via the US Department of Justice. It serves as reparations for two separate code violations: one pertinent to privacy violation, and the other to the “illegal dark patterns” of the Epic Games business model itself.

The FTC’s complaint against Epic’s “dark patterns” is threefold: firstly, that it uses said patterns and business models to “trick users into making purchases”; secondly, that it “charged account holders without authorization”; and thirdly, that it withheld pre-purchased content and refused to refund it.

Epic Games violated COPPA by retaining user information without acquiring parental consent, and the FTC says Fortnite’s default privacy settings put children and teenagers in harm’s way.

“Epic used privacy-invasive default settings and deceptive interfaces that tricked Fortnite users,” FTC Chair Lina M. Khan said in the commission’s statement.

According to the FTC, these patterns included how “players could be charged while attempting to wake the game from sleep mode, while the game was in a loading screen, or by pressing an adjacent button while attempting simply to preview an item.”

Until 2018, in-game purchases could be carried out without confirmation from account holders. “Epic allowed children to purchase V-Bucks by simply pressing buttons without requiring any parental or card holder action or consent,” the FTC says, with parents complaining that their children had enacted these purchases and racked up hefty bills without their consent.

Further to these instances of unapproved purchases, the FTC says that “Epic locked the accounts of customers who disputed unauthorized charges with their credit card companies.” This would effectively cut users off from the content they had bought, supervised or not, which could amount to thousands of lost dollars. Users with accounts reinstated by Epic allegedly received warnings that their accounts would be lost for good if they made any further attempts at refunding purchases.

“This proposed order sends a message to all online providers that collecting children’s personal information without parental consent will not be tolerated,” Associate Attorney General Vanita Gupta says in the FTC statement.

Epic Games responds

Epic says in its statement that saving payment details is a “common way to streamline the checkout process,” but that it has “agreed with the FTC to change this practice, and [it] now offer[s] an explicit yes or no choice to save payment information.”

Of the allegations of accounts being banned for reversing unauthorized payments, Epic Games has “updated [its] chargeback policy to account for non-fraud related scenarios and will only disable accounts when fraud indicators are present.”

With regard to child endangerment, Epic Games reaffirms that “Fortnite is rated Teen and is directed at an older teen and college-aged audience.” It also refers to its recent introduction of Cabined Accounts, described as “a new type of Epic account that provides a tailored experience that is safe and inclusive for younger players.” This would provide a space for players aged 13 or younger to play Fortnite “in a tailored environment where certain features, such as chat and purchasing, are disabled” until their account receives parental consent.

Epic closes its statement by saying it shares the same values as the FTC regarding child protection and transparency of in-game purchases. “We share the underlying principles of fairness, transparency, and privacy that the FTC enforces, and the practices referenced in the FTC’s complaints are not how Fortnite operates.”

Source: TechRadar
