Fortnite security flaw let attackers hijack players' accounts, buy V

Judy Cobb
January 21, 2019

"Epic Games takes these issues seriously, as chargebacks and fraud put our players and our business at risk", an Epic Games spokesperson told The Hollywood Reporter.

Unfortunately, authentication tokens can be stolen if the system isn't secure.

The method they discovered could have given any attacker the ability to log into a user's Fortnite account without the player being aware of it. All it has to do is copy the Fortnite login token.

"This isn't the first time that Epic Games has brazenly misappropriated the likeness of African-American talent".

All an attacker had to do was send a message with a phishing link to a Fortnite player via the Fortnite chat or social media.

The authentication token can be retrieved without the player entering any further login credentials, he only needs to click on the link.

The attack manipulates Fortnite's login process to capture usernames and passwords.

Starmer shifts Labour towards second European Union referendum
Pro-EU Cabinet ministers, meanwhile, are seeking to work with opposition politicians to find a way out of the morass. Britain is scheduled to leave the bloc on March 29 and so far does not have a Parliament-approved withdrawal plan.

Fortnite was 2018's top-earning game in 2018 with revenues of $2.4 billion, according to financial research company SuperData's latest report. However, it is hard to confirm this because of the numerous login stealing attack targeting Fortnite over the past year.

Organizations ought to execute thorough and regular hygiene checks on their IT infrastructure while reviewing any outdated and unused websites or sub-domains that are still present online. The original research from the company is available here. Our client Lenwood "Skip" Hamilton is pursuing similar claims against Epic for use of his likeness in the popular "Cole Train" character in the "Gears of War" video game franchise.

Security firm Check Point Software, which announced its discovery of the vulnerability on Wednesday, said it had notified Fortnite's developer, Epic Games, in November. It also said attackers would have been able to access personal information and even listen and record player conversations. The game is considered to be one of the most popular releases in video game history, and it has more than 80 million monthly players.

The news about V-Bucks being used to launder money is anything but surprising, given that crooks are using Fortnite to make money in a mind-boggling variety of ways. Dubbed V-bucks, the digital dollars were reportedly purchased from the in-game store using stolen credit cards and then resold to players at a discounted rate for bitcoin or bitcoin cash.

Fortnite, the game, has an estimated userbase count of almost 125 million gamers.

The 1,000 virtual coins needed to buy all that colorful, virtual bling will set you back about $10.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER