Update: A Fortnite representative has published a lengthy post on Reddit addressing the account security situation.
According to Epic, all hacked accounts had their credentials stolen from third-party sites, and not through a breach on Epic's systems. Using a process called credential stuffing, criminals hack the database of a weaker site and go around testing that email in multiple others to see which passwords stick.
Given people's penchant for using the exact same password across multiple websites, hackers can gain access to your account by obtaining the info from somewhere else.
Epic further clarified that "several instances of account theft and fraud [were] related to websites that claim to provide you free V-Bucks or the ability to share or buy accounts". They've further stated that "Epic will never ask you for your password through email, social media, or a non-Epic website", and that "groups claiming to provide special Fortnite deals this way are fraudulent".
Original Story: A possible breach may be doing the rounds, as several reports of accounts being hacked are appearing on Fortnite's reddit.
According to multiple users who had their passwords changed, whoever's behind the thefts is using the saved payment information to purchase hundreds of dollars worth of Fortnite products.
Fortnite Removes Friendly Fire, Adds Fan Suggestion
Fortnite Snipers Only Mode Is Here, Not Going As Planned
We've seen reports of hacked accounts and over U$ 500 in fraudalent charges being made as early as three days ago, and it has not stopped. Epic has been monitoring the situation and has already refunded most users affected, but has not clarified at this time what may be behind the attacks.
We've reached out to Epic and will update this when we hear back from them.
