A security bug in Epic Games’ Fortnite allowed a group of hackers to gain access to user accounts. Researchers at Check Point Research discovered this flaw and notified Epic Games, therefore, leading to the subsequent patching of the bug within a few weeks.
The hackers were able to access the accounts after the users clicked on a suspicious link that was sent to them. In a statement, Epic Games thanked Check Point Research for their assistance and emphasized the importance of security for Fortnite users, saying:
“We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others.”
Once the hackers had gained control of the user accounts, they could potentially eavesdrop on conversations taking place in the game. Furthermore, they could purchase and gift V-bucks, the in-game currency. It is also worth noting that since Fortnite does not allow multiple logins from a single account, once a hacker was signed in, the victim was unable to log on to his or her own account.
As far as the nature of the vulnerability is concerned, it basically involved Epic Games’ Single Sign-On implementation that is used by other login providers as well, including Facebook, Google+, Xbox and PlayStation Network.
It leads to a redirect URL which is then exploited by hackers to lead the victim to a vulnerable web page where the username and password are subsequently stolen. However, for this entire hack to work successfully, a user must click on a malicious link that is sent to his or her account.
While the flaw has been corrected, malicious attempts towards Fortnite user accounts are still common, including money laundering schemes that involve the use of stolen credit cards to purchase V-bucks and later sell them on the dark web at discounted prices.
The Honhar Scholarship Program Phase II, inaugurated by Chief Minister Maryam Nawaz Sharif of Punjab,…
The Itel S25 series, known for its durability and affordability, recently faced scrutiny during a…
WhatsApp has officially confirmed that, beginning January 1, 2025, it will end support for Android…
According to data from the Pakistan Bureau of Statistics (PBS), Pakistan imported mobile phones worth…
The European Union (EU) has expressed concern over the recent convictions of 25 civilians by…
The State Bank of Pakistan (SBP) has officially declared Wednesday, December 25, 2024, as a…