A Fortnite security flaw was discovered by Check Point Research towards the end of 2018. The vulnerability allowed hackers to easily initiate a phishing scheme by sending users links that looked like login pages, but actually harvested user accounts.
CPR notified Epic Games of the flaw in November, and Epic patched the vulnerability weeks later. However, during that time — and for some time before CPR sent the notice — Fortnite users were at serious risk of fraud.
CPR details exactly how the exploit worked in a very technical explanation on its blog. However, the gist of the process was fairly simple:
Editor's Pick
Fortnite vs PUBG: Which one is right for you?The basic premise of Fortnite and PUBG is the same: you parachute onto an island with up to 99 other players, search for guns, ammo, and other supplies, and then try to take down as …
According to The Verge, hackers who used this exploit would buy Fortnite's in-game currency (V-Bucks) using the hijacked accounts, gift those V-Bucks to another account, and then sell the V-Bucks at a discounted rate to other players on the dark web.
Fortnite earns billions of dollars from in-game sales, so this fraudulent activity could be quite lucrative.
Epic Games said in a statement: "We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others."
Although this vulnerability is now patched, this should be a reminder to all to use strong passwords, change them often, and only enter credentials into trustworthy websites.
NEXT: Fortnite update hub
0 Response to "Fortnite security flaw allowed hackers to overtake user accounts easily"
Post a Comment