Advertisement

A 'Fortnite' security flaw could have exposed players' accounts

An 'Unreal Tournament' page from 2004 was the root of the problem.

Fortnite fans who are able to log in and play without any issues (other than being eliminated before so much as building a ramp) might thank their lucky stars Epic Games has resolved a security issue. Check Point security researchers found vulnerabilities on Epic's site that could have let hackers access accounts.

By exploiting an unsecured Unreal Tournament stats page from 2004, researchers were able to listen to Fortnite squad members speaking with each other and could have bought V-Bucks virtual currency using players' stored credit card details. The researchers found the problem in November. Epic has since resolved it and taken down the offending page.

The researchers were able to redirect access tokens (a type of authentication which keeps you logged into a service) from Epic's servers to Check Points' own, meaning they could access accounts without requiring passwords. You could have been affected even if you used a Facebook, Google, PlayStation, Nintendo or Xbox account instead of your Epic username and password to log in. Hackers used a similar method to steal 29 million Facebook users' data last year.

It's not the first significant security issue Epic has faced with the game. Soon after Fortnite arrived on Android, it emerged Epic's installer for such devices had a flaw that could have fooled players into installing a malware-packed fake version of the ultra-popular title.