Home » Tech

Fortnite security flaw allowed hackers to overtake user accounts easily

21 January, 2019, 02:00 | Author: Lloyd Doyle
  • Fortnite is so big, criminals are now using it to launder stolen money

The company wrote in a blog post Wednesday that it had identified a vulnerability in the enormously popular Fortnite video game that represented a considerable threat to the video game's 80 million registered players. The vulnerability that was found in some developer's sub-domains allows crooks to obtain username and password for the account, and all the victim has to do is click on a link provided by the attackers.

According to The Verge, hackers who used this exploit would buy Fortnite's in-game currency (V-Bucks) using the hijacked accounts, gift those V-Bucks to another account, and then sell the V-Bucks at a discounted rate to other players on the dark web. "We thank Check Point for bringing this to our attention." said an Epic Games spokesperson. It suggests that players should be careful when sharing information online, and always question the legitimacy of messages - particularly ones bearing attachments or requesting the sharing of personal data.

Fortnite, for those still unaware, is a gaming phenomenon - drawing, according to Epic Games, 78.3 million players in August of 2018 alone.

Data analysis firm SuperData today reported that Fortnite earned $2.4 billion in revenue last year, topping the list of games for the year (and probably beating out top earners of years past easily).

He also advised Epic Games to update their security protocols, and occasionally test their systems to detect and patch potential vulnerabilities.


Check Point researchers said they could launch a phishing attempt-a fake message that looked like it came from Epic Games-that would trick people into clicking on the tampered link. Once the user authenticates into Fortnite, the login page redirects to the attacker's page, which asks the SSO provider for the access token.

As Fortnite doesn't permit multiple sign-ins to the same account, if the hacker is on the victim's account, the victim can't log on.

We value the ability of players to adapt to the game changing over time.

Moreover, to lessen the chances of falling foul to attacks of this nature, the company advises users to enable two-factor authentication, meaning that when logging into their account from a new device, the player would need to enter a security code sent to the account-holder's e-mail address or mobile phone. Apparently, the malicious link disguised as being from Epic Games would be advertising free in-game credits to incite users to click.

Fortnite's in-game currency V-Bucks has been known to be used to launder real-world money for cyber-criminals, continuing a well-known industry trend.

Recommended:



Popular

Nearly 400 arrested after digging holes to cross border into US
On Wednesday, almost 250 immigrants were taken into custody at the same crossing after turning themselves in to authorities. During Monday's apprehension, only three agents were patrolling a 26-mile stretch of the border.

Lonzo Ball on Lakers win over Thunder: 'We did it together'
If the Los Angeles Lakers want a successor to LeBron James it might be wise to acquire a player that dominates the way Davis does. Knicks guard Emmanuel Mudiay had 25 points, seven rebounds and two assists in New York's 101-100 loss to the Washington Wizards.

Juventus beats Milan to win Italian Super Cup in Jeddah
Mayweather posed for photos with a host of Juventus stars, including Ronaldo, Miralem Pjanic, Paulo Dybala and Giorgio Chiellini. Higuain endured a hard spell in Milan , scoring a measly eight goals in 22 appearances in all competitions.

Michael Steele Accuses GOP Senators of 'Collusion' for Blocking Russian Sanctions
The Senate's Republican majority leader, Mitch McConnell, dismissed the Democratic-led resolution as a political stunt. Congress has the power to reject any lessening of sanctions on Russian Federation , but only if it has enough votes.

China’s Military Modernizing to Invade Taiwan, Says Pentagon Report
Washington has no formal ties with Taiwan but is bound by law to help it defend itself and is the island's main source of arms. Beijing has stepped up pressure on Taiwan since independence-leaning Tsai won presidential elections in 2016.

Focus remains on potential weekend storm; flurries possible tonight, tomorrow
The low could dip into the single-digits Sunday night, with a high near 19 expected for Monday , according to the weather service. The precipitation then moves into the Philly areas around 10 p.m. before overtaking the whole region shortly thereafter.

Missing Wisconsin teen Jayme Closs found alive, suspect in custody
Elizabeth Smart says it is a "miracle" that a 13-year-old Wisconsin girl missing for almost three months has been found safe. A man believed to be connected to the case is now in custody. "But other than that she didn't give us a ton of detail about".

China Says Negotiations With US 'Lay Foundation' for Resolving Trade Dispute
China also restarted purchases of American soybeans last month, providing relief for a crop hit by Chinese retaliatory tariffs. China is facing the daunting task of presenting a credible plan to meet Trump's demands to cut down the trade deficit.

Djokovic thrashes Murray in Open practice match
Halep has drawn another first-round against Kaia Kanepi , who beat her at the same stage at last year's U.S. This year's edition of the season's opening Grand Slam in Melbourne Park begins Monday.

Warriors ask National Basketball Association to investigate Cavs' signing, release of Patrick McCaw
The person spoke to The Associated Press on condition of anonymity because no details of the probe have been revealed publicly. Some have speculated the Cavaliers made the moves to spite the franchise that beat them in three of the past four NBA Finals.