Entertainment

Fortnite Security Flaw Allowed Hackers to Eavesdrop on Chats, Take Over Accounts

ARE YOU LISTENING?

To fall victim to an attack, a player only needed to click on a link.

fortnite_awzsym
Benoit Tessier/Reuters

A major flaw in the security system of popular online game Fortnite exposed players to undetectable hackers, Variety reports. These hackers could control player accounts, purchase in-game items through their credit cards, and drop into in-game chats posing as the hacked player, cybersecurity firm Check Point Software Technologies discovered in November. The breach was fixed this month, according to a spokesperson for Fortnite. The company, developed by Epic Games, encouraged players to protect their accounts by using strong passwords and not re-using passwords—but in this case, the issue wasn’t related to passwords, as hackers could gain access to an account without any login information. Instead, the security hole was tied to flaws found in sub-domains that were susceptible to a malicious redirect, allowing authentic users to be intercepted by a hacker. To fall victim to an attack, a player needed only to click on a link designed to look like it was coming from an Epic Games domain. “The vulnerabilities we recently found... show how susceptible cloud applications are to attacks and breaches,” said Oded Vanunu, head of products vulnerability research for Check Point.“These platforms are being increasingly targeted by hackers because of the huge amounts of sensitive customer data they hold.”

Read it at NBC

Got a tip? Send it to The Daily Beast here.