Date: March 27, 2024
Fortnite, created by Epic Games, is undoubtedly one of the most famous video games in the world and accounts for almost half of the company’s $8bn estimated valuation. With such massive popularity, cybercriminals stealing access to player’s account illicitly should not come as a surprise for the game.
However lately, Check Point Research pointed out multiple vulnerabilities in Epic Games’ Fortnite, which allowed hackers to control the players’ accounts, view their personal information, purchase in-game items through their credit cards, and drop into their in-game conversations.
The cybersecurity firm discovered the Fortnite security bug in November, and it was later fixed in January. An Epic Games spokesperson said,
"We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not reusing passwords and using strong passwords, and not sharing account information with others.”
In this case, the issue that caused the security to oscillate wasn’t related to passwords, but instead, was created because the Epic Games’ account page had not been validated. It leads to a redirect URL to a separate, malicious webpage, allowing users’ authorized login tokens to be intercepted by hackers from compromised sub-domain using custom JavaScript codes.
Or in layman language, the hackers sent a malicious link to the users’ Fortnite account, which, when clicked, redirected attackers to a page that stole their login credentials.
Oded Vanunu, Check Point’s Head of Product vulnerability research stated,
“We started to hear there was a lot of abuse at Fortnite’s network. This is more than a game -- this is a huge infrastructure that’s serving 80 million players, who are mostly kids.”
The Fortnite security flaw initially started due to an Epic Games page from 2004 that created a small loophole for hackers to take over people’s accounts.
Researchers at Check Point found an unsecured URL on ut2004stats.epicgames.com, a records page for the Unreal Tournament that Epic Games first developed in 1998.
Access Tokens are codes generated by different platforms that keep you logged in so you don’t have to hustle every time you open a page. When cybercriminals stole information of around 30 million Facebook users, they used access tokens to do it. Similarly, the Fortnite loophole allowed hackers to log into your Epic games account in many different ways, using these tokens from Facebook, Google and Xbox accounts.
Eran Vaknin, a security researcher at Check Point, said that if you had linked your Epic Games’ account to Facebook, the hack would have to go through the social network.
As the affected page had an Epic Games’ URL, it made victims less suspicious about the whole scenario. Mr. Vaknin further added that the attack is happening without any user interference.
As people are becoming aware of these phishing attacks and more careful about typing passwords on suspicious pages, hackers would be using access tokens instead. It is suggested by officials to use two-factor authentication for your accounts, which Epic Games promote as well.
ChatGPT Saves $5000 In Wedding Planning For The Brides Of New York
AI-savvy brides of New York are utilizing the powerful LLMs of ChatGPT to plan their weddings and are saving up to $5,000 on the way.
Apple Launches OpenELM, That Outperforms Public OLMOs
Apple recently changed its stance of being a closed technology company by releasing an Open-Efficient Language Model that offers 2x accuracy.
WhatsApp Is Working On An In-App Dialer Feature
WhatsApp may soon introduce an in-app dialer to allow its users to call directly from the app using Wifi or cellular data.
X Will Soon Launch A TV App For Video Streaming
Elon Musk’s parent company of famous social media platform, X, is planning to launch an exclusive TV app for streaming videos.