Fortnite got hacked: security flaw let hackers access user accounts

The flaw left gamers at the mercy of hackers capable of accessing and controlling their accounts.

    2019/01/17

NSFW    CARY, NORTH CAROLINA — Fortnite was alerted to a major flaw in their security system last November that was letting hackers into players' accounts undetected, reports CNET.

The flaw left gamers at the mercy of hackers capable of accessing and controlling their accounts. The cyber-criminals could purchase in-game items using the players' credit cards, and could even pose as players' in in-game chats.

According to CNET, Fortnite developer Epic Games was alerted to the shady activity by cybersecurity firm Check Point Software Technologies in November 2018. The flaws were said to be fixed by January.

Epic Games advised gamers to secure their accounts by strengthening their passwords, not reusing passwords or sharing account information with others. Solid advice, Epic, but looks like passwords had nothing to do with it.

Hackers were accessing the accounts without using login information. In fact, flaws within Epic Game's sub-domains made their job much easier than that. All they had to do was send players a malicious link designed to look like an Epic Games domain.

If the player clicked on it, the hacker could then acquire the user's Fortnite authentication token without using any login credentials. The vulnerability flaws were found in Epic Games' web infrastructure and their use of Single Sign-On systems.

A Single Sign-On system is a security authentication process that lets a user log into multiple yet independent accounts or applications using only one set of login credentials.

"Google uses this system to connect a user with all its other applications like YouTube, GoogleMaps, Drive and so on."

Oded Vanunu, Check Point's Head of Products Vulnerability Research, recommends players to enable two-factor authentication to better safeguard their personal info.

SOURCES
Variety, CNET, Check Point Software Technologies
https://variety.com/2019/gaming/news/massive-fortnite-security-hole-allowed-hackers-to-take-over-accounts-eavesdrop-on-calls-1203109556/
https://www.cnet.com/news/fortnite-had-a-security-vulnerability-that-let-hackers-take-over-accounts/
https://research.checkpoint.com/hacking-fortnite/
NEXT ON TOMONEWS
Chinese woman wakes up unable to hear men's voices

Facebook Conversation
YOU MAY ALSO LIKE