Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in
Fortnite login flaw left millions of players exposed to hackers
Check Point researcher tells The Independent he believes it is entirely possible that these flaws could have already been exploited by hackers without victims even knowing
For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails
Sign up to our free breaking news emails
A major security flaw with the hugely popular game Fortnite left millions of players exposed to hackers, according to new research.
Cyber security firm Check Point discovered the vulnerability, which allowed people to steal the login credentials of Fortnite players without them even knowing about it.
For the attack to be successful, all the victim would have to do is click on a link shared via a chatbox on Fortnite or through social media. Once clicked, the hacker could gain access to a player’s username, password, V-bucks currency and any data stored on their account – without the victim even having to enter their login credentials.
The head of the Check Point research team believes it is entirely possible that these flaws could have already been exploited by hackers, despite no reported instances of attackers making use of the exploit.
This is because the method of intercepting the authentication credentials left very little trace. Before publishing the research the Check Point researchers contacted Fortnite developer Epic Games and the vulnerabilty has since been fixed.
“It is possible that the flaws we discovered could have already been exploited by hackers before they were responsibly closed by Epic Games,” Oded Vanunu, head of products vulnerability research for Check Point, told The Independent.
Gadget and tech news: In pictures
Show all 25
“Cloud platforms such as these are being increasingly targeted by hackers because of the huge amounts of sensitive customer data they hold, so enforcing two-factor authentication should be done to mitigate these types of account takeover vulnerability.”
With more than 80 million players worldwide, Fortnite has become a popular target for cyber criminals over the last year.
The latest discovery was far more sophisticated and sinister, according to Check Point, and provided the ability for a “massive invasion of privacy.”
The researchers concluded their report: “The underlying takeaway... is to always be vigilant when receiving links send from unknown sources. After all, for the attack to be successful many phishing attacks do not require any further action from the user other than clicking on the link.”
Epic Games did not respond to a request for comment.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies