Fortnite Left Players Open to Account Hijacking, Voice Chat Eavesdropping

Sheri Evans
January 21, 2019

Researchers from global security company Check Point have shared details of vulnerabilities that could have affected any player of the popular online battle game, Fortnite.

Security firm Check Point Software, which announced its discovery of the vulnerability on Wednesday, said it had notified Fortnite's developer, Epic Games, in November.

Money launderers use stolen credit cards to purchase V-bucks - which players use to purchase weapons, outfits and other items in the wildly popular game - from the "Fortnite" store and then resell them on the dark web.

It's unclear how many players may have been directly affected by the bug; Epic declined to comment on the scope of the vulnerability and said the matter has been addressed. We thank Check Point for bringing this to our attention. It suggests that players should be careful when sharing information online, and always question the legitimacy of messages - particularly ones bearing attachments or requesting the sharing of personal data.

Check Point is a security firm and they were the first ones to point out that a flaw in Fortnite's security has exposed the accounts of more than 200 million players.

It is unclear how much profit the criminals could get through money-laundering, although Sixgill found that 60 days of 2018 on eBay has sold game currency Fortnite worth more than $ 250000.

Free-to-play titles as a whole earned $87.7 billion a year ago, accounting for 80% of the $109.8 billion digital games revenue in 2018.

Princess Nokia accuses Ariana Grande of plagiarizing her sound
Nokia wrote the song about the relationship women of colour have with their hair. "We bought it, it's ours". The song's producers, TBHits, Scootie, and Mikey Foster, are also credited as co-writers.

Central American families, children cross into U.S. near Yuma
In December, 7-year-old Jakelin Caal and her father were among 160 migrants picked up by agents in the same stretch of desert. Democrats have refused, offering $1.3 billion for beefed-up security at the border but no money for Trump's wall.

At least 21 killed in Mexico pipeline blast
Thousands of marines have been deployed to guard pipelines and transport has been shut down altogether in places. Mexican President Andrés Manuel López Obrador visited Tlahuelilpan and met with officials at a command center.

Last fall, a security flaw allowed hackers to log into accounts without a password, according to information security group Check Point Research.

Once clicked, the user's Fortnite username and password could be immediately captured by the attacker without the user entering any login credentials.

It turned out that Epic Games had a sub-domain vulnerable to XSS, enabling the researchers to redirect the authentication token there and steal it with injected JavaScript code.

If you or your child plays Fortnite, you might want to take a closer look at your recent credit card statements.

In addition, it would have enabled a massive invasion of privacy as the threat actor could eavesdrop on in-game chatter, as well as surrounding sounds and conversations in any location the victim was playing the game.

The virtual currency used by millions of gamers who play "Fortnite" has become popular with money-laundering cybercriminals, according to reports. It is suggested by officials to use two-factor authentication for your accounts, which Epic Games promote as well.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER