Tech

Hackers could exploit the Fortnite login page to capture accounts

Hackers could exploit the Fortnite login page to capture accounts

The report also said, but Epic did not confirm, that hackers could have eavesdropped on players' conversations in the game's voice chat.

We've seen games come out with formats of their own to catch Fortnite's lightning in a bottle such as PUBG and Call of Duty: Black Ops 4 but none have been able to directly match Fortnite. While both Fortnite and its battle royale mode launched in 2017, it didn't really take off until 2018, with the help of popular streamers and YouTubers spreading the word.

According to the researchers, the security vulnerability was first discovered back in November of past year and, thanks to some quick work on the part of Epic Games (Fortnite's publisher), has officially been closed since late December. All that a player needs to do is click on a link sent to them by the hacker to grant access to their accounts.

An Epic Games spokesperson said in an email statement: "We were made aware of the vulnerabilities and they were soon addressed".

Fortnite enjoys mad popularity, with at least 78 million monthly players, while statistics point to around 200 million registered users. The game has nearly 80 million players worldwide while professional gamers and e-sport enthusiasts also use it besides the casual players.

Epic Games confirmed Check Point had alerted it to the flaw and that it had been fixed.

More news: 117 people feared dead as migrant boat sinks off Libya

Based on its findings, SuperData notes that while Epic Games made more money from players' purchases of character skins and emotes, 34 percent of USA gamers also paid for a seasonal battle pass, a feature in a Battle Royale that rewards players with in-game items by playing and completing challenges during a given time. These flaws provided the ability for a massive invasion of privacy", He adds, "Together with the vulnerabilities we recently found in the platforms used by drone manufacturer DJI, show how susceptible cloud applications are to attacks and breaches.

The exploit was unveiled today by security researchers at Check Point Software Technologies, which released a video showing how hackers could've used security tokens (you know, those things that got Facebook in trouble a few months ago) to get around login pages. The same login method also removes the need for you to remember a password to access the game.

Once clicked, the user's Fortnite username and password could be immediately captured by the attacker without the user entering any login credentials.

"Enforcing two-factor authentication could mitigate this account takeover vulnerability", said Vanunu.

Creators have been increasingly taking legal action against Epic Games for what many of them are calling unfair and uncredited use of their dance moves as Fortnite dances.