Posted on January 18, 2019 at 3:26 PM
According to recent reports, millions of players of Epic Games’ online game called ‘Fortnite’ were vulnerable to a hacking attack due to a flaw in the game’s log-in system. The vulnerability could have allowed hackers to access and hijack users’ accounts.
The bug, which is currently patched at this point, was discovered by Check Point researchers Alon Boxiner, Eran Vaknin, and Oded Vanunu, who reported it on Wednesday, January 16th. According to a report, attackers would be able to take over users’ accounts if the users clicked on phishing links sent to them via the platform’s messaging system.
Clicking on the link would provide hackers with log-in credentials, and an easy way into the account, which researchers explained in a detailed post and a video. Once they gained access, the attackers would have the same level of control as the account’s real owner. This includes interaction with other players, the ability to purchase in-game currency via the account owner’s credit card, as well as getting access to real owner’s personal information.
As mentioned, the bug was reported to have been fixed, and the game that became one of the largest hits in 2018 is currently safe to play. Epic Games stated that that the flaw was addressed as soon as Epic Games pointed it out, and they thanked the research company for bringing it to their attention. The firm also stated that their users are encouraged to always protect their accounts by using strong and unique passwords, and by not sharing their sensitive information with others.
Check Point uncovered the bug in the fall of 2018, which is when they notified Epic Games of its existence. This happened in mid-November. However, while the game maker failed to respond, the bug still got patched at some point in December, according to the report.
Data security issues continue in 2019
As mentioned, Fortnite was one of the most successful games in 2018. The game is considered to be one of the most popular releases in video game history, and it has more than 80 million monthly players.
Due to its popularity, a bug like this could have had severe consequences on a lot of users, although researchers believe that the vulnerability was not discovered before the patch was introduced. According to their findings, there is no evidence that hackers have found it in the past, although Epic Games did not officially confirm or deny these claims.
One of the researchers who discovered the flaw, Eran Vaknin, stated that users should watch out for signs that their account was accessed by a third party. Some of the obvious signs would be the change in user information, suspicious credit card transactions, or difficulties in logging into the account. Vaknin added that Fortnite players should consider implementing a two-factor authentication mechanism in order to prevent others from accessing it, or at least to learn of the breach as soon as possible.
He also advised Epic Games to update their security protocols, and occasionally test their systems to detect and patch potential vulnerabilities.
Fortnite has already suffered hacking incidents in the past, most notably in March 2018. Back then, dozens of players reported hackers hijacking their accounts and making fraudulent charges. After receiving the reports, Epic Games refunded the players and introduced two-factor authentication.
While the danger may have been dealt with at this point, the discovery of such a severe flaw serves as yet another reminder that online consumers’ personal data remains unsafe and vulnerable. Other high-profile incidents that occurred recently included the hack of Marriot hotel company, which has seen the theft of personal data of nearly 400 million guests over the course of several years, as well as Cambridge Analytica incident involving Facebook.
Finally, only yesterday, security researcher Troy Hunt reported the leakage of 773 million email addresses as well as over 20 million passwords, which is considered to be one of the largest data leakages in the last several years.