Sections

Cybersecurity firm exposes Fortnite vulnerability

If exploited, hackers could have viewed personal information, purchased items, and overheard chat through affected accounts

Epic Games says it has fixed a vulnerability in its sub-domains that could have allowed hackers to gain access to Fortnite accounts, including making purchases with credit cards and viewing personal information.

Variety reports that cybersecurity firm Check Point Software Technologies discovered the flaw in November, and it has just been fixed this month.

"We were made aware of the vulnerabilities and they were soon addressed," an Epic spokesperson said to Variety. "We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others."

Though this is good advice, the security hole actually existed through two Epic Games subdomains that were vulnerable to malicious activities. Essentially, flaws allowed phishing links to be created that appeared to be legitimately from Epic Games. If used, the user's Fortnite authentication token could be stolen and used by a hacker to login without a username and password.

At the moment it does not appear that these vulnerabilities were exploited. Had they been, hackers could have gained access to personal information, made purchases with saved credit cards, or listened to in-game chat through the stolen account.

Related stories

Epic and EA execs squirm under scrutiny from British MPs

Testimonies arouse suspicion and dismay from members of immersive and addictive technology inquiry

By Haydn Taylor

Sweeney: Sony enabling cross-play was "one of the greatest moments in Epic's history"

Meanwhile, Epic founder dismisses the notion of Fortnite addiction

By James Batchelor

Latest comments

Sign in to contribute

Need an account? Register now.