Millions of Fortnite accounts exposed
Millions of Fortnite players’ accounts were temporarily exposed due to a unexpected vulnerability.
Researchers at security company Check Point discovered that a website hosted on Epic Games’ domain could be used to steal players’ authentication tokens. Once the token has been obtained for a given account, hackers could log into the account, purchase in-game currency, and even listen in on their mark’s voice chat communications. Fortunately, a user’s full credit card number would not be available, but the last four digits would be visible to the hacker.
Authorization tokens are created when Fortnite players use third-party accounts such as Google or Facebook to register. This produces a randomly generated string of characters which is then sent to Epic Games. The hacker’s hosted website intercepts the token and the user’s information is stolen.
Epic Games stated that the issue has since been patched, however this is not the the first instance of vulnerability that Fortnite has experienced. In August 2018, it was revealed that the original mobile Fortnite installer for Android could be hacked in order to install malware on a user’s device.
Other methods of stealing players’ personal information have rapidly arisen over the last year. These include the infamous V-Buck Generators scams hosted on websites independent from the game that are designed to replicate the look and feel of Fortnite to attract unsuspecting victims.
Epic Games’ Fortnite is the most popular game across the globe with over 200 million players worldwide. Many of the millions in the game’s population pool are teens and children who can be more susceptible to hacking attempts. This makes them a primary target to many of the community’s scam artists.
Check Point’s head of products vulnerability Oded Vanunu hopes that news of this incident will provoke family discussions on the dangers of online fraud and cybercriminals.
“Fortnite is not a game. It is an infrastructure, a platform, where you buy things, communicate with friends, joke with people online, and most of the players are kids,” said Vanunu. “That’s why we are happy to help Epic Games fix this, and make sure that consumers understand what is happening.”
How can esports players protect themselves against security risks?
Epic Games being sued for failing to protect its users' privacy
Valve calls out Epic Games for ripping information from users, Steam
Fortnite account hacking is becoming big business
V-Buck Generator scams plague Fortnite
Epic Games to launch free game developer tools
Dance lawsuits could bring big changes to Fortnite
Ninja took home over $10 million during a wild 2018
New Fortnite shop offers themed goods to fans
Epic Games launches digital store to compete with Steam
Fortnite account hacking is becoming big business
Fortnite at the top of YouTube's Rewind
Hacker interrupts Ninja charity stream with racist insults
Epic Games and Nerf partner for new series of Fortnite blasters
NFL jerseys come to Fortnite
V-Buck Generator scams plague Fortnite
Tfue and Cloak win the Fortnite Fall Skirmish for FaZe Clan
Cube Monsters Invade Fortnite's Battle Royal
Fortnite streaming star Ninja is headed to the Ellen Show