NewsBite

Fortnite Battle Royale security flaw leaves 80 million players vulnerable to hackers

Fortnite players’ accounts were left vulnerable for at least two months, revealing everything from bank details to in-game conversations.

'The Carlton' vs Fornite

The personal details and bank accounts of Fortnite’s 80 million players were left vulnerable to hackers for at least two months, a cyber security firm revealed today, due to a flaw in the game’s sign-on technology.

The mistake left entire Fortnite accounts vulnerable to theft, and could have seen players’ names and contact details stolen, in-game currency purchased, and even allowed thieves to listen in to conversations while players were logged into the game.

Three security vulnerabilities were discovered in Fortnite Battle Royale’s login process, which hackers could have exploited. Picture: Jennifer Dudley-Nicholson
Three security vulnerabilities were discovered in Fortnite Battle Royale’s login process, which hackers could have exploited. Picture: Jennifer Dudley-Nicholson

Software security firm Check Point discovered and reported the vulnerability to Epic Games in November, though the flaw was only patched late last month.

Check Point product vulnerability research head Oded Vanunu said games like Fortnite were big targets for hackers given their large audiences, and players should take extra care to use all security features to lock their accounts.

“Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy,” he said.

“These platforms are being increasingly targeted by hackers because of the huge amounts of sensitive customer data they hold.”

Check Point product vulnerability research head Oded Vanunu advised players to add two-factor authentication to their accounts. Picture: Frederic J. Brown/AFP
Check Point product vulnerability research head Oded Vanunu advised players to add two-factor authentication to their accounts. Picture: Frederic J. Brown/AFP

Three security vulnerabilities were discovered in Fortnite Battle Royale’s login process, and hackers could have used one of Epic Games’ sub-domains to generate and intercept a legitimate token to enter another user’s account.

The flaw is more sophisticated than previous attacks on Fortnite accounts as it doesn’t rely on users handing over their login details — a scam previously used by attackers promising gamers free V-Bucks in-game currency.

Though the security hole has now been fixed, Mr Vanunu advised Fortnite players to add two-factor authentication to their accounts as it “could mitigate this account takeover vulnerability”.

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.couriermail.com.au/technology/fortnite-battle-royale-security-flaw-leaves-80-million-players-vulnerable-to-hackers/news-story/6a2d599b73a6d7ac1140a2f6bed9c5e7