Milo W. January 24, 2019
Millions of Fortnite players’ accounts were temporarily exposed due to a unexpected vulnerability.
Researchers at security company Check Point discovered that a website hosted on Epic Games’ domain could be used to steal players’ authentication tokens. Once the token has been obtained for a given account, hackers could log into the account, purchase in-game currency, and even listen in on their mark’s voice chat communications. Fortunately, a user’s full credit card number would not be available, but the last four digits would be visible to the hacker.
Authorization tokens are created when Fortnite players use third-party accounts such as Google or Facebook to register. This produces a randomly generated string of characters which is then sent to Epic Games. The hacker’s hosted website intercepts the token and the user’s information is stolen.
Epic Games stated that the issue has since been patched, however this is not the the first instance of vulnerability that Fortnite has experienced. In August 2018, it was revealed that the original mobile Fortnite installer for Android could be hacked in order to install malware on a user’s device.
Other methods of stealing players’ personal information have rapidly arisen over the last year. These include the infamous V-Buck Generators scams hosted on websites independent from the game that are designed to replicate the look and feel of Fortnite to attract unsuspecting victims.
Epic Games’ Fortnite is the most popular game across the globe with over 200 million players worldwide. Many of the millions in the game’s population pool are teens and children who can be more susceptible to hacking attempts. This makes them a primary target to many of the community’s scam artists.
Check Point’s head of products vulnerability Oded Vanunu hopes that news of this incident will provoke family discussions on the dangers of online fraud and cybercriminals.
“Fortnite is not a game. It is an infrastructure, a platform, where you buy things, communicate with friends, joke with people online, and most of the players are kids,” said Vanunu. “That’s why we are happy to help Epic Games fix this, and make sure that consumers understand what is happening.”
