Sections

Cybersecurity firm exposes Fortnite vulnerability

If exploited, hackers could have viewed personal information, purchased items, and overheard chat through affected accounts

Epic Games says it has fixed a vulnerability in its sub-domains that could have allowed hackers to gain access to Fortnite accounts, including making purchases with credit cards and viewing personal information.

Variety reports that cybersecurity firm Check Point Software Technologies discovered the flaw in November, and it has just been fixed this month.

"We were made aware of the vulnerabilities and they were soon addressed," an Epic spokesperson said to Variety. "We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others."

Though this is good advice, the security hole actually existed through two Epic Games subdomains that were vulnerable to malicious activities. Essentially, flaws allowed phishing links to be created that appeared to be legitimately from Epic Games. If used, the user's Fortnite authentication token could be stolen and used by a hacker to login without a username and password.

At the moment it does not appear that these vulnerabilities were exploited. Had they been, hackers could have gained access to personal information, made purchases with saved credit cards, or listened to in-game chat through the stolen account.

More stories

Epic refutes Apple's theft claims as "implausible and deficient as a matter of law"

"Apple seeks to compare Epic's conduct to stealing cash from a vault in ApplePark," new legal filing argues

By Matthew Handrahan

Epic vs. Apple is losing PR steam | Opinion

Sensible rulings in Epic's legal dispute with Apple have pared the case back to its core question -- and shown just how disruptive Epic's demand really is

By Rob Fahey

Latest comments

Sign in to contribute

Need an account? Register now.