Epic Patches Fortnight Bug That Allowed Hackers to Capture User’s Accounts

Even the biggest game in the world has security breaches. Epic Games had a pretty nasty one with Fortnite recently, and it could have gotten out of hand. A series of bugs that were found that, if exploited in tandem, could have left millions of Fortnite user accounts compromised. Fortunately, Epic Games has plugged the hole.

In a blog post from Check Point, a security provider, the company broke down exactly how the bugs were being exploited by hackers. It appears like there is a flaw in the way Epic Games processed logins, which made it easier to steal user’s information. With this, hackers could simply acquire a user’s access token and use that to impersonate the person, without the need for a password.

At this point, a hacker could embed a malicious link that looked like an Epic Games link, which would reroute the user to a harmful site. At this point, they would be left exposed and the hack would have resulted in easy access to the user’s information. Apparently, the malicious link disguised as being from Epic Games would be advertising free in-game credits to incite users to click. At this point, the victim’s login token would appear and the hacker would have no need for the user’s login credentials.

It’s a scary thing, but Epic Games has fixed the bugs and are working diligently to make sure its users are safe. In a statement release by the company, the company addressed the issue:

We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others.

We’re glad to hear the bugs have been ironed out and hope the new patch makes it easier for Fortnite players to be kept safe.

[Source: Gamasutra]