Millions of Fortnite players vulnerable to hacking

Millions of Fortnite players vulnerable to hacking

One of the vulnerability, if exploited is that the attacker might have complete access to the user's account and their personal information while enabling them to purchase virtual in-game currency via the user's payment card details.

Oded Vanunu, Head of Products - Vulnerability Research, Check Point, narrates, "Fortnite is one of the most popular games played mainly by kids". It leads to a redirect URL to a separate, malicious webpage, allowing users' authorized login tokens to be intercepted by hackers from compromised sub-domain using custom JavaScript codes. The hacker also could gain access to conversations held by the player and his friends, which could be used to exploit the account owner, often children under 18.

It turns out that when a player logs in to his account by clicking on the "Sign In" button, Epic Games generates a URL containing a "redirectedUrl" parameter.

Players were also exposed if they clicked on scam phishing links that are created to look like it's issued by Epic Games and allow attackers to capture their authentication tokens which are associated which each user account. Once the player clicks on a phishing link from an Epic Games domain, his/her Fortnite authentication token could be collected by the attackers without the user's login credentials.

More news: Prince Philip Sends Well Wishes to Car Accident Victims

Even the biggest game in the world has security breaches. Instead, within the game's sub-domains, "an XSS attack was permissible with the user merely needing to click on a link sent to them by the attacker".

For all its massive, $2.4 billion success, Fortnite has stumbled a bit on the esports scene, partly because it's not ready for prime time but also because of Epic's habit of capricious rule changes and updates that catch pros by surprise. It is suggested by officials to use two-factor authentication for your accounts, which Epic Games promote as well. The hacker essentially is you on Fortnite, which gives them a great deal of control. The game revolves around a cartoonish, last-character-standing battle where players fight for weapons and resources.

Preminger added that "several steps could be taken to mitigate the phenomenon, including monitoring the transfer of high-value goods in the game, identifying players with large stockpiles of V-bucks, and sharing data with relevant law enforcement agencies".

On Jan. 9, the Better Business Bureau announced that they had assigned parent company Epic Games an "F" rating "due to unanswered customer complaints".

Related Articles