article featured image


The Federal Trade Commission (FTC) announced that gaming giant Epic Games would have to pay $520 million in fines for using “design tricks…to dupe millions of players into making unintentional purchases” in Fortnite.

While downloading and playing Fortnite are both free, Epic charges for in-game stuff like dance moves and outfits. The FTC estimates that there are more than 400 million Fortnite players worldwide.

Children Bullied and Laws Violated

In its complaint, the FTC alleged that Epic Games violated COPPA (Children’s Online Privacy Protection Act) by extracting personal information from Fortnite players aged 13 and under without obtaining consent from their legal guardians. In addition, it has been claimed that by enabling real-time voice and text chat by default for kids and teenagers, Epic put these individuals in danger of harassment, bullying, and other types of damage.

As said by the FTC, Epic employees urged the company to change the default settings to require users to opt-in for voice chat since 2017, citing concern about the impact of children in particular.

Despite this, as well as reports that children had been harassed while playing the game, Epic Games resisted turning off the default settings. Eventually, the company added a button allowing users to turn off voice chat but made it difficult for them to find it.

Epic will be obliged to make text and voice chats in Fortnite an opt-in feature for kids and teens that can only be enabled with the parents’ explicit approval through a privacy setting, in addition to the $275 million record civil penalty levied by a proposed federal court order.

Millions of Gamers “Wrongfully Charged”

In a separate administrative complaint, the FTC said that Epic used sneaky tactics to trick Fortnite players, especially kids and teenagers, into making unwanted in-game purchases in addition to the COPPA violations.

As covered by BleepingComputer, various perplexing purchase prompts and deceptive offers were some of the sneaky strategies employed to do this, which convinced the players to make purchases they had no intention of making.

For example, Players could be charged while attempting to wake the game from sleep mode, while the game was in a loading screen, or by pressing an adjacent button while attempting simply to preview an item… These tactics led to hundreds of millions of dollars in unauthorized charges for customers.


In addition to being required to reimburse impacted customers $245 million in refunds and to stop employing dark patterns or billing users without their permission, Epic is also prohibited from denying players access to their accounts when they challenge unlawful charges.

Epic Responds by Making Privacy and Payment Changes

Epic Games also issued a statement on Monday, saying that it has improved Fortnite’s default privacy settings to comply with FTC’s rules and changed payment flows to prevent unwanted charges.

In September, we implemented high privacy default settings for players under the age of 18. Chat defaults to “Nobody,” profile details default to hidden, parties default to “Invite Only,” and personalized recommendations are defaulted Off. Players under 16 also have the mature language filter defaulted On for text chat.

Epic Games (Source)

The company also updated its payment flows with a hold-to-purchase mechanic that re-confirms a player’s intention to make a purchase.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.


Author Profile

Cristian Neagu


linkedin icon

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.