A Fortnite security breach was discovered in November by security cyber security company Check Point Software Technologies. Hackers were able to gain access into player’s Fortnite accounts, type in the chat as the user, buy in-game items with credit cards and more.
Check Point Software Technologies immediately alerted the developer at Epic Games, according to NBC News, with the company since confirming it has fixed the flaw. The security issue was tied to flaws in two of Epic Games’ sub-domains, meaning that to fall victim to the attack, players only needed to click on a fake link that was designed to look like it was coming from an Epic Games domain.
“Well one way Epic Games helps us combat this is by enabling two-factor authentication, making it that when logging into my account from a new device, I would need to enter a security code sent to my email address,” Jake Kaiser, a philosophy major, said.
This security breach gave hackers full access to the user’s account and personal information, allowing them to purchase in-game currency, v-bucks, on the victim’s payment card details as well as let them listen to in-game talk after joining a match.
“Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy,” said Oded Vanunu, head of products vulnerability research for Check Point, in a press release.
Fortnite, created by video game developer Epic Games, has experienced two incredible years of growth. Played by over 75 million people last year, the game is estimated to have made over $1.9 billion in merchandise and in-game purchase over 2018 alone.
Given the volume of players that interact with Epic Games a phishing campaign using Epic Games own messaging system would be quite effective. Game researchers also noted that Fortnite has also become a hub for criminals looking to launder money from stolen credit cards by selling accounts for the game.
Epic Games has also advised their user base to take measures against this in the past, but the attacks could have been going on since 2018. There are an estimated 200 million Fortnite players worldwide, as of a report earlier this month. The game can be played on consoles, PCs and on iOS and Android smartphones. Fortnite is accessible to a wide variety of people today and millions of people are risking to become a victim in these breaches.
