Players of the popular game Fortnite Battle Royale could be on the hit list of hackers who reportedly infiltrated the email accounts of an estimated 800,000 users two years ago.
"Whenever you sign up for one of these games online and you put your credit card information in there. You're vulnerable to be breached," said Danny Jenkins, a cyber security expert with Threatlocker.
Jenkins is in the business of shutting down high-tech hackers. The latest target is Epic Games' Fortnite.
"Two years ago, in 2016, the company disclosed 800,000 of the users' email addresses were leaked or hacked," Jenkins said. "Now, the users of Epic are starting to see the consequences of this."
An alert from Epic sent to a user reported attempts to hack his Epic Games account. His game of choice: Fortnite.
"So once they have the password, this is potentially really dangerous," Jenkins said.
In the world of Fortnite, competitors assume on-screen identities. You see the animated characters, but never the players at the controls.
College student Jeff Baily said players have credit card accounts in the system to purchase game enhancement options. They can cost nearly $100 a purchase. Many of those purchases are made by hackers.
In March, Epic reported $223 million in sales for Fortnite alone.
Jenkins said even those who don't play video games could be vulnerable to hacking.
"Anytime you give your information on the internet, you are potentially putting yourself at risk," Jenkins said.
"The Epic Games Support structure is changing to better accommodate the growing population of players," an Epic Games spokesperson said in an email to WKMG. "Direct Support is centered around account and purchasing issues."
According to Jenkins, Epic has always maintained that only email information was "leaked," not credit card data.
Jenkins said imposter or counterfeit emails that appear to be from Epic have also been reported. He advised anyone who gets one of those messages to go to the website, not the link provided in the email.
"Quite often, the links that you click on do not go to the vendor site," Jenkins said. "If it's legitimate, you'll be able to go to the same place just logging into their main website."
Some measures gamers can take to protect their accounts include: change their password, don't list personal information like a mother's maiden name, use virtual credit cards, never click the link on an unfamiliar email and finally, don't wait to be hacked to start being proactive.
The site Have I Been Pwned -- video jargon for being defeated -- allows people to check to see if their account has been breached. One email we set up was targeted five times.
"Don't rely on, 'Well, if they get hacked, I'll change my password,' because you probably won't know until it's too late," Jenkins said.