Millions of Fortnite User Accounts Made Vulnerable

Millions of Fortnite User Accounts Made Vulnerable

Epic Games, the company behind the wildly popular video game, Fortnite, acknowledged that a vulnerability had risked users' account information.

Since its arrival in 2017, Epic Games' wildly popular video game, Fortnite, has garnered the attention of over 200 million players who spend hours fighting for survival in the computer generated world. Now, researchers from security company Check Point are saying those millions of players could have had their account information accessed thanks to a vulnerability in Epic Games' domain.

Check Point researchers say they discovered a susceptible website hosted on Epic Games' domain—which has since been taken down—that could be used to capture users' authentication tokens. These tokens would allow hackers to log into Fortnite accounts without the need for a user name and password giving bad actors access to live audio while users played the game, access to user information and the last four digits of saved credit cards.

A spokesperson for Epic Games said that the company had patched the vulnerability. 

"We were made aware of the vulnerabilities and they were soon addressed," the statement to BuzzFeed News said. "As always, we encourage players to protect their accounts by not re-using passwords, using strong passwords, and not sharing accounts information with others."

This vulnerability, however, did not need a password hack into the accounts of players. Check Point's researchers suggest enabling a two-factor authentication for your accounts so that if someone is trying to get in, you would be notified.

Fortnite accounts are highly valued, especially if the account has amassed a large amount of accessories, which are earned or purchased through the game. Oftentimes, you can find a Fortnite account being sold through online marketplaces like eBay and Craigslist—sometimes for thousands of dollars. This gives hackers incentive to go after the free-to-play online game's users, many of who are teens and children.

Check Point told BuzzFeed News that they hoped the news of the vulnerability would spark conversations at home between parents and children about cybersecurity and online fraud.

"Fortnite is not a game," Check Point's head of products vulnerability Oded Vanunu said. "It is an infrastructure, a platform, where you buy things, communicate with friends, joke with people online, and [where] most of the players are kids. That's why we are happy to help Epic Games fix this, and Mae sure that consumers understand what is happening."

This isn't the first time Epic Games has dealt with security issues. In August of 2018, Google publicly disclosed that the original Fortnite installer for Android could be exploited to secretly install unwanted apps or malware on phones, without users' knowledge.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

  • Deploying in a Hybrid, Cloud Environment

    The way organizations manage access control is evolving. Traditional on-premises systems come with high IT and server requirements. At the same time, fully cloud-based solutions may not meet the needs of every facility. Read Now

  • Facing Facts for Facilities

    Despite the proliferation of constantly evolving security solutions, there remains a troubling trend among many facility operators who often neglect the most important security assets within their organization. Keys and shared devices like radios, laptops and tablets are crucial to successful operations, yet many operators are managing them haphazardly through outdated storage systems like pegboards and notebooks. Read Now

  • Report Reveals Security Training Reduces Global Phishing Click Rates by 86%

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today launched its “Phishing by Industry Benchmarking Report 2025” which measures an organization’s Phish-prone Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organization’s overall susceptibility to phishing threats. This year’s report found a global average baseline PPP of 33.1%, meaning a third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT).COVER 2025-PIB-NA-Report_EN-US Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.