Latest in Gaming

Image credit:

A 'Fortnite' security flaw could have exposed players' accounts

An 'Unreal Tournament' page from 2004 was the root of the problem.
Kris Holt, @krisholt
January 16, 2019
Share
Tweet
Share

Sponsored Links

Anadolu Agency via Getty Images

Fortnite fans who are able to log in and play without any issues (other than being eliminated before so much as building a ramp) might thank their lucky stars Epic Games has resolved a security issue. Check Point security researchers found vulnerabilities on Epic's site that could have let hackers access accounts.

By exploiting an unsecured Unreal Tournament stats page from 2004, researchers were able to listen to Fortnite squad members speaking with each other and could have bought V-Bucks virtual currency using players' stored credit card details. The researchers found the problem in November. Epic has since resolved it and taken down the offending page.

The researchers were able to redirect access tokens (a type of authentication which keeps you logged into a service) from Epic's servers to Check Points' own, meaning they could access accounts without requiring passwords. You could have been affected even if you used a Facebook, Google, PlayStation, Nintendo or Xbox account instead of your Epic username and password to log in. Hackers used a similar method to steal 29 million Facebook users' data last year.

It's not the first significant security issue Epic has faced with the game. Soon after Fortnite arrived on Android, it emerged Epic's installer for such devices had a flaw that could have fooled players into installing a malware-packed fake version of the ultra-popular title.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Presenting the Best of CES 2021 winners!

Presenting the Best of CES 2021 winners!

View
Paramount+ will replace CBS All Access on March 4th

Paramount+ will replace CBS All Access on March 4th

View
Samsung's latest rugged tablet gets a Dex and WiFi 6 update

Samsung's latest rugged tablet gets a Dex and WiFi 6 update

View
Synthetic cornea helped a legally blind man regain his sight

Synthetic cornea helped a legally blind man regain his sight

View
Samsung’s 870 Evo boosts the performance of entry-level SSDs

Samsung’s 870 Evo boosts the performance of entry-level SSDs

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr