In January 2019, Epic Games reported a security flaw in Fortnite which gave attackers access to player account information.
Experian sent an email to many of its users its platform urging them to update their security information on all services owned by Epic Games, including Fortnite.
The bug allowed malicious users to access a Fortnite players account, revealing personal information, and even allowing attackers to process purchases via the compromised account. The full briefing from Experian is as follows…
[Epic Games] just announced a security flaw that’s exposed [Fortnite] player information.
A bug in Fortnite’s log-in system could’ve allowed hackers to impersonate players and charge in-game currency to their stored credit cards.
Hackers could’ve then moved those purchases to their other accounts.
While there are about 200 million registered Fortnite accounts, it’s still unclear how many players may have had their data compromised by the bug.
Viewing the Experian article provides users with a rather similar breakdown on the situation…
In January 2019, Fortnite creator Epic Games acknowledged security researchers from Check Point Software had discovered a major cybersecurity vulnerability in the popular game. The flaw may have enabled hackers to access player accounts, where they could possibly covertly steal login credentials and gain access to stored credit card information as well as in-game friends and contacts.
Nick Chester of Epic Games acknowledged this report, though he denied the rumor that attackers were able to eavesdrop on players in-game chat; telling the Washington Post…
Bad actors/hackers were not able to eavesdrop on conversations as is suggested here,” he said in an email. “This is not in any way factual.
Oded Vanunu, Check Point’s head of products vulnerability research told the Washington Post that this exploit may have been live since late 2018.
The chain of the vulnerabilities within the log-in flow provide[d] the hacker the ability to take full control of the account.
Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy.
It’s very important that players enable 2-Factor Authentication and use a unique, secure password on all services. Check out Epic Games’ security blog post for more information.