With more than 80 million players worldwide, Fortnite has become one of the most popular games on the market today. Available on multiple platforms, it remains top of the list for both casual players and pro gamers. Unfortunately, a vulnerability was recently found that could expose player data.
Hackers who exploit this vulnerability could gain complete access to user accounts, including players’ personal information. It would also let them purchase virtual in-game currency with the victim’s payment card details. Fortnite players, like players of other popular multiplayer games, have been targeted by clickbait scams before, but this new vulnerability doesn’t even require action on the users’ part.
Researchers at cybersecurity firm Check Point showed that attackers could gain access through flaws in Fortnite’s user login process. Three flaws were discovered in Epic Games’ web infrastructure. Together they allowed the token-based authentication process, used in conjunction with Single Sign-On (SSO) systems such as Facebook, Google and Xbox, to be abused to steal user access credentials and take over accounts.
To fall victim to this attack, a player needs only to click on a crafted phishing link. The link is sent by the attacker but points to an Epic Games domain, so nothing looks out of place. Once it is clicked, the user’s Fortnite authentication token could be captured by the attacker without the user entering any login credentials. According to Check Point’s researchers, the potential vulnerability originated from flaws found in two of Epic Games’ sub-domains that were susceptible to a malicious redirect, which allowed users’ legitimate authentication tokens to be intercepted by a hacker from the compromised sub-domain.
Epic Games has been notified of the vulnerability and has resolved the issue.
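The article traces the token theft to sub-domains that could be made to redirect a logged-in user. The Python below is an added example, not code from Check Point or Epic Games. It contrasts a redirect check that trusts every sub-domain of a parent domain with one that only accepts an exact allowlist of HTTPS hosts before an SSO token is handed over. The domain names, the allowlist and the sample URLs are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical values for illustration; not any vendor's real configuration.
PARENT_DOMAIN = "example-games.test"
ALLOWED_REDIRECT_HOSTS = {"accounts.example-games.test", "www.example-games.test"}


def weak_redirect_ok(url: str) -> bool:
    """Weak check: any sub-domain of the parent domain may receive the token."""
    host = urlsplit(url).hostname or ""
    return host == PARENT_DOMAIN or host.endswith("." + PARENT_DOMAIN)


def strict_redirect_ok(url: str) -> bool:
    """Hardened check: HTTPS, exact host allowlist, no userinfo, default port."""
    # Backslashes, spaces and control characters are parsed differently by
    # browsers and servers, so refuse them before parsing.
    if "\\" in url or any(ord(c) < 0x21 for c in url):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    return parts.hostname in ALLOWED_REDIRECT_HOSTS


def audit(urls):
    """Return the URLs the weak check accepts but the hardened check refuses."""
    return [u for u in urls if weak_redirect_ok(u) and not strict_redirect_ok(u)]


# Constructed sample redirect targets.
SAMPLE_URLS = [
    "https://accounts.example-games.test/login/done",
    "https://old-stats.example-games.test/page",       # forgotten sub-domain
    "http://accounts.example-games.test/login/done",   # not HTTPS
    "https://accounts.example-games.test@other.test/", # userinfo confusion
]

if __name__ == "__main__":
    for url in audit(SAMPLE_URLS):
        print("weak check would release a token to:", url)
```

Running `audit` over existing redirect configuration is a quick way to list the hosts that a wildcard-style rule trusts and that nobody has explicitly approved.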
Take Precautions When Exchanging Digital Information
- Practice safe cyber habits online
- Be cautious of links on forums and unknown websites
- Regularly scan your devices for needed updates
- Make use of 2FA