Millions of Fortnite User Accounts Made Vulnerable
Epic Games, the company behind the wildly popular video game, Fortnite, acknowledged that a vulnerability had risked users' account information.
- By Sydny Shepard
- Jan 17, 2019
Since its arrival in 2017, Epic Games' wildly popular video game, Fortnite, has garnered the attention of over 200 million players who spend hours fighting for survival in the computer generated world. Now, researchers from security company Check Point are saying those millions of players could have had their account information accessed thanks to a vulnerability in Epic Games' domain.
Check Point researchers say they discovered a susceptible website hosted on Epic Games' domain—which has since been taken down—that could be used to capture users' authentication tokens. These tokens would allow hackers to log into Fortnite accounts without the need for a user name and password giving bad actors access to live audio while users played the game, access to user information and the last four digits of saved credit cards.
A spokesperson for Epic Games said that the company had patched the vulnerability.
"We were made aware of the vulnerabilities and they were soon addressed," the statement to BuzzFeed News said. "As always, we encourage players to protect their accounts by not re-using passwords, using strong passwords, and not sharing accounts information with others."
This vulnerability, however, did not need a password hack into the accounts of players. Check Point's researchers suggest enabling a two-factor authentication for your accounts so that if someone is trying to get in, you would be notified.
Fortnite accounts are highly valued, especially if the account has amassed a large amount of accessories, which are earned or purchased through the game. Oftentimes, you can find a Fortnite account being sold through online marketplaces like eBay and Craigslist—sometimes for thousands of dollars. This gives hackers incentive to go after the free-to-play online game's users, many of who are teens and children.
Check Point told BuzzFeed News that they hoped the news of the vulnerability would spark conversations at home between parents and children about cybersecurity and online fraud.
"Fortnite is not a game," Check Point's head of products vulnerability Oded Vanunu said. "It is an infrastructure, a platform, where you buy things, communicate with friends, joke with people online, and [where] most of the players are kids. That's why we are happy to help Epic Games fix this, and Mae sure that consumers understand what is happening."
This isn't the first time Epic Games has dealt with security issues. In August of 2018, Google publicly disclosed that the original Fortnite installer for Android could be exploited to secretly install unwanted apps or malware on phones, without users' knowledge.
Sydny Shepard is the Executive Editor of Campus Security & Life Safety.