News

Fortnite Hacked: A Massive Loophole Made Hackers Take Over Your Accounts

As per reports, this bug even allowed hackers to eavesdrop on your in-game conversations.

Fortnite Hacked

Fortnite, created by Epic Games, is undoubtedly one of the most famous video games in the world and accounts for almost half of the company’s $8bn estimated valuation. With such massive popularity, cybercriminals stealing access to player’s account illicitly should not come as a surprise for the game.

However lately, Check Point Research pointed out multiple vulnerabilities in Epic Games’ Fortnite, which allowed hackers to control the players’ accounts, view their personal information, purchase in-game items through their credit cards, and drop into their in-game conversations.

The cybersecurity firm discovered the Fortnite security bug in November, and it was later fixed in January. An Epic Games spokesperson said,

In this case, the issue that caused the security to oscillate wasn’t related to passwords, but instead, was created because the Epic Games’ account page had not been validated. It leads to a redirect URL to a separate, malicious webpage, allowing users’ authorized login tokens to be intercepted by hackers from compromised sub-domain using custom JavaScript codes.

Or in layman language, the hackers sent a malicious link to the users’ Fortnite account, which, when clicked, redirected attackers to a page that stole their login credentials.

Oded Vanunu, Check Point’s Head of Product vulnerability research stated,

How Was Fortnite Hacked?

The Fortnite security flaw initially started due to an Epic Games page from 2004 that created a small loophole for hackers to take over people’s accounts.

Researchers at Check Point found an unsecured URL on ut2004stats.epicgames.com, a records page for the Unreal Tournament that Epic Games first developed in 1998.

Access Tokens are codes generated by different platforms that keep you logged in so you don’t have to hustle every time you open a page. When cybercriminals stole information of around 30 million Facebook users, they used access tokens to do it. Similarly, the Fortnite loophole allowed hackers to log into your Epic games account in many different ways, using these tokens from Facebook, Google and Xbox accounts.

Eran Vaknin, a security researcher at Check Point, said that if you had linked your Epic Games’ account to Facebook, the hack would have to go through the social network.

As the affected page had an Epic Games’ URL, it made victims less suspicious about the whole scenario. Mr. Vaknin further added that the attack is happening without any user interference.

As people are becoming aware of these phishing attacks and more careful about typing passwords on suspicious pages, hackers would be using access tokens instead. It is suggested by officials to use two-factor authentication for your accounts, which Epic Games promote as well.

Arpit Dubey
Written By
Arpit Dubey
Arpit is a dreamer, wanderer, and a tech nerd who loves to jot down tech musings and updates. With a logician mind, he is always chasing sunrises and tech advancements while secretly preparing for the robot uprising.

Think Your Professional Journey
Deserves A Spot In Our 40 Under 40 Report?

Latest Blogs

News

Neuralink’s First Patient Can Control Mouse With His Thoughts

4 min read  

We all dream of getting at least one superpower in our name. Whether it is flying freely or controlling things with your mind, the urge to be able to do something beyond the ordinary is on almost every person’s wishlist. While we know that miracles cannot happen in the real world, Elon Musk ha

News

Mark Zuckerberg Reveals Layoffs Are Not Led By AI

4 min read  

The world has witnessed some of the most frequent mass layoffs in the last 4 years. The first two of them were led by prolonged lockdowns globally. The last two years witnessed a rapid surge in AI development, followed by mass layoffs across Unicorns, enterprises, and startups. As AI efficiency is b

News

Tools Emerge To Solve The Deepfake Porn Problem

4 min read  

The number of deepfake porn videos, images, and audio content is growing like wildfire. With the boom of generative AI, deepfake technology has become one of the most abused aspects of AI worldwide. People from all backgrounds are prone to become victims of this easy-to-access technology. However, t

News

AI Has Made Valentine’s Day Dark For 77% of Indians

4 min read  

Love is in the air, but it is mixed with the essence of Artificial Intelligence. With more people believing in AI, its usage has extended to individuals communicating through AI-generated messages. Shocking revelations have come to light in a survey conducted among 7,000 people across 7 countries. W

Featured Interviews

Interview

Interview With Coyote Jackson, Director of Product Management, PubNub

MobileAppDaily had a word with Coyote Jackson, Director of Product Management, PubNub. We spoke to him about his journey in the global Data Stream Network and real-time infrastructure-as-a-service company. Learn more about him.

MAD Team 4 min read  
Interview

Interview With Laetitia Gazel Anthoine, Founder and CEO, Connecthings

MobileAppDaily had a word with Laetitia Gazel Anthoine, Founder and CEO, Connecthings. We spoke to her about her idea behind Connecthings and thoughts about the company’s services.

MAD Team 4 min read  
Interview

Interview With Gregg Temperley, Founder Of ParcelBroker App

MobileAppDaily had a word with Gregg Temperley, Founder. We spoke to him about his idea behind such an excellent app and his whole journey during the development process.

MAD Team 4 min read  
Interview

Interview With George Deglin, CEO Of OneSignal

MobileAppDaily had a word with George Deglin, the CEO and co-founder of OneSignal, a leading customer messaging and engagement solution, we learn multiple facets related to customer engagement, personalization, and the future of mobile marketing.

MAD Team 4 min read