Millions of Fortnite User Accounts Made Vulnerable

Millions of Fortnite User Accounts Made Vulnerable

Epic Games, the company behind the wildly popular video game, Fortnite, acknowledged that a vulnerability had risked users' account information.

Since its arrival in 2017, Epic Games' wildly popular video game, Fortnite, has garnered the attention of over 200 million players who spend hours fighting for survival in the computer generated world. Now, researchers from security company Check Point are saying those millions of players could have had their account information accessed thanks to a vulnerability in Epic Games' domain.

Check Point researchers say they discovered a susceptible website hosted on Epic Games' domain—which has since been taken down—that could be used to capture users' authentication tokens. These tokens would allow hackers to log into Fortnite accounts without the need for a user name and password giving bad actors access to live audio while users played the game, access to user information and the last four digits of saved credit cards.

A spokesperson for Epic Games said that the company had patched the vulnerability. 

"We were made aware of the vulnerabilities and they were soon addressed," the statement to BuzzFeed News said. "As always, we encourage players to protect their accounts by not re-using passwords, using strong passwords, and not sharing accounts information with others."

This vulnerability, however, did not need a password hack into the accounts of players. Check Point's researchers suggest enabling a two-factor authentication for your accounts so that if someone is trying to get in, you would be notified.

Fortnite accounts are highly valued, especially if the account has amassed a large amount of accessories, which are earned or purchased through the game. Oftentimes, you can find a Fortnite account being sold through online marketplaces like eBay and Craigslist—sometimes for thousands of dollars. This gives hackers incentive to go after the free-to-play online game's users, many of who are teens and children.

Check Point told BuzzFeed News that they hoped the news of the vulnerability would spark conversations at home between parents and children about cybersecurity and online fraud.

"Fortnite is not a game," Check Point's head of products vulnerability Oded Vanunu said. "It is an infrastructure, a platform, where you buy things, communicate with friends, joke with people online, and [where] most of the players are kids. That's why we are happy to help Epic Games fix this, and Mae sure that consumers understand what is happening."

This isn't the first time Epic Games has dealt with security issues. In August of 2018, Google publicly disclosed that the original Fortnite installer for Android could be exploited to secretly install unwanted apps or malware on phones, without users' knowledge.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.