Epic Games says it has fixed a vulnerability in its sub-domains that could have allowed hackers to gain access to Fortnite accounts, including making purchases with credit cards and viewing personal information.
Variety reports that cybersecurity firm Check Point Software Technologies discovered the flaw in November, and it has just been fixed this month.
"We were made aware of the vulnerabilities and they were soon addressed," an Epic spokesperson said to Variety. "We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others."
Though this is good advice, the security hole actually existed through two Epic Games subdomains that were vulnerable to malicious activities. Essentially, flaws allowed phishing links to be created that appeared to be legitimately from Epic Games. If used, the user's Fortnite authentication token could be stolen and used by a hacker to login without a username and password.
At the moment it does not appear that these vulnerabilities were exploited. Had they been, hackers could have gained access to personal information, made purchases with saved credit cards, or listened to in-game chat through the stolen account.