Epic Game’s Fornite Cybersecurity Flaw

by | Feb 2, 2019 | Blog | 0 comments


Security firm Check Point Software announced their discovery and notified Epic Games, the popular game developer.

What happened?

Hackers Might Have Gotten Information

A cybersecurity flaw in Fortnite may have allowed hackers to access players’ personal information, like stored credit card information, to resell the accounts to others. Epic Games has not yet responded to whether any user accounts were affected.

Hackers likely would have gained this information by accessing users’ Fortnite accounts using their login information for other services like Facebook, Sony’s PlayStation Network, and Microsoft’s Xbox Live. The issue likely applies to other companies that offer the so-called single sign-on feature.

An example of what may have happened

When players use their Facebook accounts to log into Fortnite, their computers receive a security token that enables them to access their Fortnite account page after being redirected via a website link. In this case, however, the website link was tampered with. Likely, players clicked into a phishing attempt that pointed players to older Epic Games websites, or subdomains. These older sites also contained a security flaw that could allow hackers to retrieve people’s security tokens that they received when they used Facebook to log into Fortnite.

Though this example targets Facebook, the issue likely applies to other companies that offer the single sign-on feature.

Is the Issue Fixed?

In late December the Fortnite developers claim to have fixed the issue right away.

The Takeaway

Check Point says that it is crucial that companies make sure that their newer apps don’t contain inadvertent connections infected and unreliable older and forgotten websites. This will be a challenge for companies as apps continue to get more complex and interconnected with other corporate IT infrastructure.

Epic Games encourages players to protect their accounts. The developer says that players should not reuse passwords and should use strong passwords. Also, to avoid sharing account information with others.

  • Was this Helpful ?
  • Yes    No
Share This

Business Development