Hackers could exploit the Fortnite login page to capture accounts

Share

Researchers from global security company Check Point have shared details of vulnerabilities that could have affected any player of the popular online battle game, Fortnite.

The researchers said the potential exploit originated from flaws found in two of Epic Games' sub-domains that were susceptible to a malicious redirect, allowing users' legitimate authentication tokens to be intercepted by a hacker from the compromised sub-domain. With such massive popularity, cybercriminals stealing access to player's account illicitly should not come as a surprise for the game. Similarly, the Fortnite loophole allowed hackers to log into your Epic games account in many different ways, using these tokens from Facebook, Google and Xbox accounts. The report also said, but Epic did not confirm, that hackers could have eavesdropped on players' conversations in the game's voice chat.

Researchers discovered multiple vulnerabilities in Epic Games' online infrastructure, which enable hackers to exploit Fortnite's user login process. Presumably this is an attempt to counter-balance the stories about minors being conned into handing account details to strangers. Attackers could create a link that would be emailed to the player, giving the username and password of an account to the hacker just by clicking on it and obtaining an access token.

The firm said attackers could view any data stored on an account as well as buy in-game currency at the user's expense.

Another Major Winter Storm Is Expected Just Days After Gia
A large storm system will hit eastern Idaho starting Wednesday night until late Thursday or early Friday , depending on your area. This will likely begin as snow developing Saturday afternoon, then snow possibly heavy at times Saturday night into Sunday .

According to the researchers, the security vulnerability was first discovered back in November of past year and, thanks to some quick work on the part of Epic Games (Fortnite's publisher), has officially been closed since late December.

Meanwhile, the BBC reported last month that selling stolen Fortnite accounts has become a cottage industry in its own right, with teens in the United Kingdom making thousands of dollars a week, as part of a coordinated effort that spans the globe. "These flaws provided the ability for a massive invasion of privacy", said Oded Vanunu, head of products vulnerability research for Check Point. "Users could well see huge purchases of in-game currency made on their credit cards with the attacker funneling that virtual currency to be sold for cash in the real world". That means a third-party site like the one designed by Check Point Software can access it.

Though this vulnerability was identified and addressed before a hack could occur, the Check Point blog said that Fortnite players have been targeted before by scammers posing as discount sellers of in-game currency, V-bucks.

"We thank Check Point for bringing this to our attention", Epic Games told PCMag in a statement.

Share