The popularity of Fortnite has spawned a massive community and revenue stream for developer Epic Games, but it is not without its share of problems.
TechCrunch's Zack Whittaker today published a report on Fortnite being completely vulnerable to hackers who can hijack a player's entire account: the hacker can not only impersonate a player and log in to their account, but can do so without needing the player's password.
The research, done by Check Point, says that all 200 million players of the game can be affected by this bug, which exploits three different vulnerabilities that, chained together, could give the hacker control of the account access token set on the player's device.
All of this was done through a malicious code exploit, where the hacker embeds a link of code on a player's server by exploiting a cross-site weakness in the epicgames.com subdomain. Once the code's script loads, it steals the player's account token, sending it back to the hacker.
The problem behind the exploit lies entirely with Epic Games itself, due to how it handles login requests. A detailed video on TechCrunch shows the process of the exploit.
“It’s important to remember that the URL is coming from an Epic Games domain, so it’s transparent to the user and any security filter will not suspect anything,” stated Oded Vanunu, Check Point’s head of products vulnerability research. “If the victim user is not logged into the game, he or she would have to login first. Once that person is logged in, the account can be stolen.”
Epic Games has responded to the problem swiftly, fixing the vulnerability as soon as they were able. However, Epic Games was unsure how many Fortnite accounts were compromised by the exploit, or whether any data was actually stolen.
Fortnite, despite being a successful game, has also been a source of constant problems and security breaches. Just yesterday there was a report of cybercriminals exploiting Fortnite's V-Bucks system, a massive problem that security agencies have been combating for months now. Issues such as this exploit only compound the situation further.