Critical Authentication Flaw Found in Fortnite’s Login System Leaking Private Data

  • A security research company found a major bug in Fortnite’s authentication system that could put all users’ private data at risk.
  • The bug essentially allows attackers to steal login tokens by tricking users into clicking a link.
  • The security issue has already been fixed by Epic Games, which means that no user action is needed.

Fortnite has become a major target for cybercriminals thanks to the massive player base that the popular battle royale game commands. With over 78.3 million monthly players, there is a lot of private user information at stake. Check Point Research recently identified a critical exploit, which has already been patched.

Check Point revealed that the bug takes advantage of cross-site scripting (XSS) to trick Fortnite players into clicking on malicious links during the authentication process, which allows the attacker to steal login tokens. This is quite different from how attackers stole Facebook’s login tokens last year, as Epic Games account holders need to manually enter their login credentials for cybercriminals to be successful.

According to Check Point: “With the access token now in the hands of the attacker, he can now log-in to the user’s Fortnite account and view any data stored there, including the ability to buy more in-game currency at the user’s expense. He would also have access to all the user’s in-game contacts as well as listen in on conversations taking place during gameplay.”

Even though the attack is not particularly complicated, people using the exploit need to have the technical know-how and also knowledge about old domains that Epic Games once owned. The Fortnite developers have a number of old sub-domains that attackers used to search for valuable data.

The interest of attackers lies primarily in Fortnite’s virtual currency, also known as V-Bucks. 1000 V-Bucks is worth $10, but once attackers get access to the financial information of their victims, they purchase the digital currency and sell it to other players at a discount. This results in cybercriminals profiting from the transactions while the victims’ accounts get banned.
