A vulnerability allows hackers to take possession of the player’s Fortnite account, steal his data and spend money to buy V-Buck
Fortnite has risked coming under hacker attack and endangering the profiles of millions of players. To launch the alarm the computer security company Check Point, expert in cybersecurity solutions and always in the forefront when it comes to discovering new flaws in programs or services most used by users. Fortunately, Check Point and Epic Games (the company that developed Fortnite) have already intervened to fix the vulnerability and secure users’ accounts.
The flaw discovered by Check Point researchers allowed hackers not only to take possession of a player’s Fortnite account, but also to obtain all his personal data and buy virtual currency of the video game (V-Buck) through his credit card. In addition, the hacker would also have been able to eavesdrop on conversations, read chats and listen to the noises in the room where the user was playing Fortnite.
Fortnite, how the vulnerability discovered by Check Point works
This is not the first time that Fortnite becomes the protagonist of a hacker attack. Already a few months ago, the video game was used for a phishing campaign that promised to give away V-Bucks (Fortnite’s virutal currency) in exchange for their personal data. The BBC has even discovered the existence of a black market of Fortnite accounts: hackers steal profiles using rare skins and resell them in the dark web.
The flaw discovered this time by Check Point is much more articulated and includes several steps. Epic Games’ web structure had three vulnerabilities and they affected the token-based authentication process used in conjunction with Single Sign-On (SSO) systems like Facebook, Google and Xbox. Simply put, the vulnerabilities affected authentication processes that ask you to log into a service via your Facebook, Google or Xbox profile.
To fall into the hacker’s trap, all you had to do was click on a phishing email sent by Epic Games, but which was actually sent by a hacker. Clicking on the authentication token gave your Fortnite login details to the attacker and basically said goodbye to your personal profile. According to Check Point, the hackers managed to get the data from the tokens because of two Epic Games subdomains that were exposed to malicious redirection. A very articulated strategy, but it was paying off.
How to defend your Fortnite account from hackers
As said, the vulnerability has been fixed and now it is impossible for hackers to continue in their work. Check Point and Epic Games, however, warn users about phishing emails that promise to get free virtual currency in exchange for personal or sensitive data. To be safe from unpleasant surprises, Epic Games invites all users to activate two-factor authentication, the safest system to protect your Fortnite account. With two-factor verification, if a hacker managed to get hold of your password, he would also have to know a second code that is only in your possession. In addition, activating two-factor authentication will also give you a free emote.
A tip for parents, too: always check what your kids are doing online. They could fall into one of the many traps set by hackers without realizing it. Educating them about the dangers of the Web would be a good start.