Fortnite security breach let hackers take over accounts and more

This article is over 5 years old and may contain outdated information

Epic Games just fixed a massive breach in Fortnite’s security, according to a new report from Variety. Back in November, hackers were able to take over accounts, use credit cards to buy in-game items, and even pose as other players in chatrooms. Essentially, they could control their victims’ accounts. Luckily, the vulnerability was patched this month.


All it took was for an unsuspecting player to click on what is known as a “phishing” link. The hackers made the link look legitimate enough that most players would be easily duped: they would think the link came directly from Epic, when in reality it was used to take control of their account. It’s a good thing, then, that a cybersecurity firm, Check Point Software Technologies, discovered the issue in November.

Epic Games grateful for their help

In a statement to Variety, Epic Games said the following:

We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others.

So where exactly did the flaw in their security lie? It had nothing to do with passwords, according to the original report, and everything to do with a flaw in two of Epic’s own subdomains.

There was a loophole in Fortnite’s authentication process that enabled hackers to leverage Single-Sign-On systems like Xbox, Facebook, and Google to gain access to players’ account credentials. As mentioned earlier, they could send phishing links to potential victims and then take over the victims’ authentication tokens because of Epic’s vulnerable subdomains.

We do not know exactly how many users were affected, but after this and other reports surfaced, people started posting on Facebook that they had been hacked in recent months. Players who spend a lot of time and money in this game were probably not too happy to be locked out of their accounts.

The vulnerability could have been much worse

Check Point’s Oded Vanunu, head of products vulnerability research, made a public statement. He said there was potential for this flaw to have had much more dire consequences.

Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy. Together with the vulnerabilities we recently found in the platforms used by drone manufacturer DJI, show how susceptible cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of the huge amounts of sensitive customer data they hold. Enforcing two-factor authentication could mitigate this account takeover vulnerability.

If a player is not sure whether an email really came from the developer, it’s best not to click any links. When in doubt, simply contact the developer directly.
