Latest in Gaming

Image credit: Anadolu Agency via Getty Images

A 'Fortnite' security flaw could have exposed players' accounts

An 'Unreal Tournament' page from 2004 was the root of the problem.
254 Shares
Share
Tweet
Share
Save

Sponsored Links

Anadolu Agency via Getty Images

Fortnite fans who are able to log in and play without any issues (other than being eliminated before so much as building a ramp) might thank their lucky stars Epic Games has resolved a security issue. Check Point security researchers found vulnerabilities on Epic's site that could have let hackers access accounts.

By exploiting an unsecured Unreal Tournament stats page from 2004, researchers were able to listen to Fortnite squad members speaking with each other and could have bought V-Bucks virtual currency using players' stored credit card details. The researchers found the problem in November. Epic has since resolved it and taken down the offending page.

The researchers were able to redirect access tokens (a type of authentication which keeps you logged into a service) from Epic's servers to Check Points' own, meaning they could access accounts without requiring passwords. You could have been affected even if you used a Facebook, Google, PlayStation, Nintendo or Xbox account instead of your Epic username and password to log in. Hackers used a similar method to steal 29 million Facebook users' data last year.

It's not the first significant security issue Epic has faced with the game. Soon after Fortnite arrived on Android, it emerged Epic's installer for such devices had a flaw that could have fooled players into installing a malware-packed fake version of the ultra-popular title.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
254 Shares
Share
Tweet
Share
Save

Popular on Engadget

How Weber used decades of expertise to improve smart grilling

How Weber used decades of expertise to improve smart grilling

View
London police begin using live facial recognition tech across the capital

London police begin using live facial recognition tech across the capital

View
The Morning After: Sonos tries again, and Tinder's new tools

The Morning After: Sonos tries again, and Tinder's new tools

View
Samsung is building its own version of AirDrop called Quick Share

Samsung is building its own version of AirDrop called Quick Share

View
Boston Dynamics gives its robot dog a developer SDK

Boston Dynamics gives its robot dog a developer SDK

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr