Fortnite login flaw left millions of players exposed to hackers
Check Point researcher tells The Independent he believes it is entirely possible that these flaws could have already been exploited by hackers without victims even knowing
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A major security flaw with the hugely popular game Fortnite left millions of players exposed to hackers, according to new research.
Cyber security firm Check Point discovered the vulnerability, which allowed people to steal the login credentials of Fortnite players without them even knowing about it.
For the attack to be successful, all the victim would have to do is click on a link shared via a chatbox on Fortnite or through social media. Once clicked, the hacker could gain access to a player’s username, password, V-bucks currency and any data stored on their account – without the victim even having to enter their login credentials.
The head of the Check Point research team believes it is entirely possible that these flaws could have already been exploited by hackers, despite no reported instances of attackers making use of the exploit.
This is because the method of intercepting the authentication credentials left very little trace. Before publishing the research the Check Point researchers contacted Fortnite developer Epic Games and the vulnerabilty has since been fixed.
“It is possible that the flaws we discovered could have already been exploited by hackers before they were responsibly closed by Epic Games,” Oded Vanunu, head of products vulnerability research for Check Point, told The Independent.
“Cloud platforms such as these are being increasingly targeted by hackers because of the huge amounts of sensitive customer data they hold, so enforcing two-factor authentication should be done to mitigate these types of account takeover vulnerability.”
With more than 80 million players worldwide, Fortnite has become a popular target for cyber criminals over the last year.
Previous attacks have involved links offering free V-bucks that actually spread malware, as well as fake Android apps claiming to be the game itself.
The latest discovery was far more sophisticated and sinister, according to Check Point, and provided the ability for a “massive invasion of privacy.”
The researchers concluded their report: “The underlying takeaway... is to always be vigilant when receiving links send from unknown sources. After all, for the attack to be successful many phishing attacks do not require any further action from the user other than clicking on the link.”
Epic Games did not respond to a request for comment.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments