In context: Whether it's due to their aggressive exclusive games policy or their decision to block customers who purchase "too many" games in a short space of time, Epic Games is certainly a controversial company lately. To make matters worse, "FuckEpic" subreddit user TurboToast3000 now claims the company sent his personal information to a "random person" in an attempt to comply with a General Data Protection Regulation (GDPR) information request.
The personal data in question, according to the user, included their purchase details, purchase history, email address, IP address, and real name. The Redditor discovered the dilemma after allegedly receiving an email from Epic in which the company disclosed their mistake (see below).
"We regret to inform you that, due to human error, a player support representative accidentally also sent the information you requested to another player," the email reads, according to TurboToast. "We quickly recognized this mistake and followed up with the player and they confirmed that they deleted it from their local machine."
Naturally, TurboToast is none too pleased about the situation. "They sent all my personal info including my email address, my name, my purchase history and my purchase info and I just get sorry," he or she wrote in one response.
In another, they expressed skepticism: "Also that random person said they deleted the data??? first thing you learn on internet (sic) is that you can't trust random strangers."
Fortunately, there's some good news. According to TurboToast, the stranger who also received their data reached out, informing the Redditor that they reported the issue to Epic the moment they realized the mistake. TurboToast says the kind stranger "helped clear some things up," so it sounds like things worked out in the end. Regardless, TurboToast has made it clear that they are "done" with "very not epic games."
As many other Redditors have pointed out to TurboToast, this "human error" likely counts as a data breach on Epic's part if it's true. Though they, by TurboToast's own admission, informed the affected party of the breach within 72 hours, they must also inform their local European data protection authority to comply with GDPR law.
Some users have advised TurboToast to report this breach directly to said authorities, which may eventually lead to some pretty hefty fines being levied against the company -- only time will tell whether or not the Redditor will heed their advice.
Of course, there's also the possibility that this post has been falsified -- we're not saying this is necessarily the case, but as with most unverified reports of this nature, it's best take it with a grain of salt. With that said, while not necessarily a guarantee of credibility, it does seem that TurboToast has been an avid Redditor for the better part of a year (9 months, to be precise).
We've reached out to Epic for confirmation. We will update this article if and when we receive a response. We've also reached out to TurboToast for further proof, and we expect them to get back to us tomorrow.