Is Epic Games Oblivious or Indifferent

I’ve raised this issue through the support ticket twice, got a generic response that does not offer any assistance so I’m raising it here, with the hope it will reach Epic’s infosec people.

The premise:
I’m streaming gameplay of my new creative island, playing with about ~15 of my viewers. Since the creative island is new, we are the only players online, with a single island session. Any new players joining from our region, will join our session as long as we are not at island max capacity.

The issue:
While streaming, user comes into chat informing that in a few seconds a DDOS attack is incoming on my ‘server’

As promised, after a few seconds, Fortnite in-game network monitor goes red, and all other players are ejected to the lobby.

This issue repeats several times.

It’s safe to assume the attack starts by some fortnite account joining the island session, gets the pod/server instance network info and clogs the network

That type of network traffic requires authentication and authorization, which means tracking down the Fortnite account that initiated the attack should be possible.

I also suggested providing the tiktok accounts behind the attack, if Epic wishes to pursue the attackers.

This is not a case where I am DDOSed, this is a case where Epic’s servers are being DDOSed and are rendered out of service - Which seems to be very simple to execute.

Epic’s Response:
Same response twice, report the player in game - I don’t know which specific Fortnite account is behind in the attack, and even if a user is blocked as a result of a report it would still be possible to break island sessions with extreme ease.

I’ve contacted Epic support, providing the time of attack and island information so they could investigate the attack which must be extremely common, my attackers are not sophisticated hackers, they are prepubescent script kiddies with an ‘off the shelf’ tool for breaking Fortnite island sessions.

Which begs the question - Is Epic Games Oblivious or Indifferent to creative island security?

I’m dealing with the exact same issue on my own island, and it’s happening daily.

Just like you described, random players join the session, and within seconds the server lags out, kicks everyone to the lobby, and the in-game network monitor turns red. It’s clear that this is some kind of DDoS-style attack, and it’s completely ruining the experience for me and my players.

What’s frustrating is that Epic Games seems completely unaware — or worse, indifferent — to what’s happening.
Their responses are beyond disappointing. I’ve submitted reports, and just like you, I got nothing but generic replies telling me to “report the player in-game,” which is pointless because we don’t even know which account is behind the attack.

This is clearly a weakness in the system. If someone can disrupt entire sessions this easily without being tracked or stopped, then the problem is with the platform — not just the player.

Thanks for speaking up about this. It’s happening to more of us than Epic seems willing to admit.

@iNASA could you DM me the island code this is happening in?

I’ve sent you a private message with the island code and a full explanation of the issue. I really hope you can take a look and help solve it as soon as possible. Thanks again.

@Flak i’ve tried DMing you on the creative discord, with the details of some of the users behind this, some of them are fortnite creators acting out of spite…

Ive seen similar. I’m also under the impression that there are bot farms out there that intentionally join and leave fresh games or others that are newly gaining traction, or scroll through discovery feed clicking thumbnails to kill impression %'s. There’s no real way to prove something like this as far as im aware, it’s completely up to epic to investigate.