News

Fortnite Hacked: A Massive Loophole Made Hackers Take Over Your Accounts

As per reports, this bug even allowed hackers to eavesdrop on your in-game conversations.

Fortnite Hacked

Fortnite, created by Epic Games, is undoubtedly one of the most famous video games in the world and accounts for almost half of the company’s $8bn estimated valuation. With such massive popularity, cybercriminals stealing access to player’s account illicitly should not come as a surprise for the game.

However lately, Check Point Research pointed out multiple vulnerabilities in Epic Games’ Fortnite, which allowed hackers to control the players’ accounts, view their personal information, purchase in-game items through their credit cards, and drop into their in-game conversations.

The cybersecurity firm discovered the Fortnite security bug in November, and it was later fixed in January. An Epic Games spokesperson said,

In this case, the issue that caused the security to oscillate wasn’t related to passwords, but instead, was created because the Epic Games’ account page had not been validated. It leads to a redirect URL to a separate, malicious webpage, allowing users’ authorized login tokens to be intercepted by hackers from compromised sub-domain using custom JavaScript codes.

Or in layman language, the hackers sent a malicious link to the users’ Fortnite account, which, when clicked, redirected attackers to a page that stole their login credentials.

Oded Vanunu, Check Point’s Head of Product vulnerability research stated,

How Was Fortnite Hacked?

The Fortnite security flaw initially started due to an Epic Games page from 2004 that created a small loophole for hackers to take over people’s accounts.

Researchers at Check Point found an unsecured URL on ut2004stats.epicgames.com, a records page for the Unreal Tournament that Epic Games first developed in 1998.

Access Tokens are codes generated by different platforms that keep you logged in so you don’t have to hustle every time you open a page. When cybercriminals stole information of around 30 million Facebook users, they used access tokens to do it. Similarly, the Fortnite loophole allowed hackers to log into your Epic games account in many different ways, using these tokens from Facebook, Google and Xbox accounts.

Eran Vaknin, a security researcher at Check Point, said that if you had linked your Epic Games’ account to Facebook, the hack would have to go through the social network.

As the affected page had an Epic Games’ URL, it made victims less suspicious about the whole scenario. Mr. Vaknin further added that the attack is happening without any user interference.

As people are becoming aware of these phishing attacks and more careful about typing passwords on suspicious pages, hackers would be using access tokens instead. It is suggested by officials to use two-factor authentication for your accounts, which Epic Games promote as well.

Manish
Written By
Manish

With a mixture of literature, cinema, and photography, Manish is mostly traveling. When he is not, he is probably writing another tech news for you!

Want To Hire The Best Service Provider?
MobileAppDaily will help you explore the best service providers depending on your vision, budget, project requirements and industry. Get in touch and create a list of best-suited companies for your needs.
News

Family Zoo: An App That Drives Family Zoo

4 min read  

When it comes to new games, those which reflect an aspect of real-life are often the most fun to play. We had The Sims on PC that allowed us to send Simians off on life paths we created for them.We had Farmville on Facebook which taught us the value of advance planning when it came to growing cr

News

Facebook Introduces New Music On Stories & Lip Sync Live Features To Pages

2 min read  

Looks like Facebook is on a roll! Every single day Facebook is finding its way back to the trending news section one way or another. And this time it's all about the latest features that the leading social media organization is adding on its platform. To give the user’s profile a makeover,

News

Facebook - MLB Deal: Know the Exclusives Here

4 min read  

Facebook Inc. has signed a deal with Major League Baseball or MLB to gain exclusive rights to stream 25 games on social network in the US. It is for the very first time that a prominent US league has agreed to show the games regularly on the Facebook. Talking about the deal, the league said that MLB

News

AppyParking, U.K's Award Winning Parking App Raises

4 min read  

AppyParking, U.K. based mobile app company that assists the user to easily find the nearest parking space. Aviva ventures and new shareholder Breed Reply, known for backing the Internet of Things (IoT) businesses in the initial stage have invested £2.25 million in AppyParking.AppyParki

MAD Originals
MAD Originals

Cut to the chase content that’s credible, insightful & actionable.

Get the latest mashup of the App Industry Exclusively Inboxed

  • PRODUCTS
  • SERVICES
  • BOTH
Join our expansive network, build connections and expand your brand presence.