Millions of Fortnite accounts exposed
Millions of Fortnite players’ accounts were temporarily exposed due to a unexpected vulnerability.
Researchers at security company Check Point discovered that a website hosted on Epic Games’ domain could be used to steal players’ authentication tokens. Once the token has been obtained for a given account, hackers could log into the account, purchase in-game currency, and even listen in on their mark’s voice chat communications. Fortunately, a user’s full credit card number would not be available, but the last four digits would be visible to the hacker.
Authorization tokens are created when Fortnite players use third-party accounts such as Google or Facebook to register. This produces a randomly generated string of characters which is then sent to Epic Games. The hacker’s hosted website intercepts the token and the user’s information is stolen.
Epic Games stated that the issue has since been patched, however this is not the the first instance of vulnerability that Fortnite has experienced. In August 2018, it was revealed that the original mobile Fortnite installer for Android could be hacked in order to install malware on a user’s device.
Other methods of stealing players’ personal information have rapidly arisen over the last year. These include the infamous V-Buck Generators scams hosted on websites independent from the game that are designed to replicate the look and feel of Fortnite to attract unsuspecting victims.
Epic Games’ Fortnite is the most popular game across the globe with over 200 million players worldwide. Many of the millions in the game’s population pool are teens and children who can be more susceptible to hacking attempts. This makes them a primary target to many of the community’s scam artists.
Check Point’s head of products vulnerability Oded Vanunu hopes that news of this incident will provoke family discussions on the dangers of online fraud and cybercriminals.
“Fortnite is not a game. It is an infrastructure, a platform, where you buy things, communicate with friends, joke with people online, and most of the players are kids,” said Vanunu. “That’s why we are happy to help Epic Games fix this, and make sure that consumers understand what is happening.”
Online gaming guide: A focus on safety and security
Epic Games being sued for failing to protect its users' privacy
Fornite V-Buck spending spree sees kids purchase 65,000 points
Fortnite account hacking is becoming big business
V-Buck Generator scams plague Fortnite
Armor and tanks nerfed in latest Overwatch patch
Dendi might have found a new home at Tigers
Liquid do the impossible, defeat Astralis in tournament final
Overwatch patch adds spectator features, new OWL skins
Illness rocks players at Chongqing Major
Pro League team to train at one of Europe's biggest stadiums
J.Storm and Fear off to rocky start in Chongqing
Miracle out in Chongqing for Team Liquid
EHOME heads to Chongqing Major after Bucharest win
Former Digital Chaos organization returns to Dota 2
Latest edition of True Sight relives the epic TI8 final
Top new players to watch as Overwatch League resumes
Epic Games to launch free game developer tools
Away team skins now free with OWL skin purchases