GameSpot may receive revenue from affiliate and advertising partnerships for sharing this content and from purchases through links.

Your Fortnite Account Could Have Been Hacked Via An Old Epic Games Webpage

Thankfully, the vulnerability is no longer live.

By on

3 Comments

Check Point security researchers discovered vulnerabilities in Epic Games' website, which could have been used to hack into someone's Fortnite account. According to CNET, the researchers found the exploit in November 2018, and it was subsequently fixed by Epic this month.

"We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not reusing passwords and using strong passwords, and not sharing account information with others," an Epic Games spokesperson said.

Click To Unmute
  1. Life Eater - Official Launch Trailer
  2. Devil May Cry: Peak Of Combat | Vergil: Count Thunder Returns Gameplay Trailer
  3. The Complete FALLOUT Timeline Explained!
  4. Warhammer 40k: Darktide - Path of Redemption | Update Trailer
  5. Is Fallout 76 Good in 2024?
  6. SAND LAND - Official Darude Sandstorm Trailer
  7. Resident Evil 4 Adds Mercenaries and Microtransactions | GameSpot News
  8. Fallout: New Vegas 2 Rumors Explained | GameSpot
  9. April Xbox Game Pass Games Revealed | GameSpot News
  10. Over 15 Free Games To Claim In April | GameSpot News
  11. New Witcher Game Plans Have Changed | GameSpot News
  12. Elden Ring Death Count Revealed | GameSpot News

Want us to remember this setting for all your devices?

Sign up or Sign in now!

Please use a html5 video capable browser to watch videos.
This video has an invalid file format.
00:00:00
Sorry, but you can't access this content!
Please enter your date of birth to view this video

By clicking 'enter', you agree to GameSpot's
Terms of Use and Privacy Policy

Now Playing: Fortnite V-Bucks Money Laundering And Account Hacks Suspected - GS News Update

Unfortunately, the exploit was not one that could have been avoided via constant password changes. The vulnerability existed through an unsecured URL that was first created in 2004 for an old Unreal Tournament records page. Before the page was deactivated, a hacker could have used it to take advantage of the access tokens a player might use to log into Epic Games' servers, and their Fortnite account as a result as well. The hackers wouldn't even need to know the player's Epic Game's password either, as the exploit takes advantage of any corresponding accounts that the player might use to log in, such as Facebook, Google, or Xbox Live. When completed, the exploit allows someone to listen in on the victim's conversations with other players and also purchase in-game items with the hacked person's credit card.

"Even if you [had] a security product looking for anti-phishing, it wouldn't catch [the hack] because it's coming from a legitimate domain," Check Point head of products vulnerability research Oded Vanunu said. Vanunu went on to encourage players to enable two-factor authentication for their Epic accounts. Doing so won't protect you from all forms of hacking attempts, but it will help protect you from people trying to get at your account through access tokens. Epic seemingly agrees, as the company released a free Fortnite emote for players who enable two-factor authentication.

"Token hijacking is something that is happening on all major platforms," Vanunu continued. "We are starting to see malicious attackers looking for tokens more."

Got a news tip or want to contact us directly? Email news@gamespot.com

Fortnite
Xbox One
PlayStation 4
PC
Nintendo Switch
Join the conversation
There are 3 comments about this story
Load Comments (3)