Search results
Jan 17, 2019 · And phishing scams can be stopped by simply avoiding the email and going straight to the source to be sure you’re working with the real deal. In the case of this particular scheme, you should be able to check your account status on the Fortnite website and determine the legitimacy of the request from there. Use a strong, unique password. If ...
Jan 16, 2019 · Login credentials could have been stolen with ease. Web back-end vulnerabilities in Fortnite created a mechanism for hackers to intercept and surreptitiously steal gamers’ login credentials. The attack – discovered by security researchers at Check Point – manipulates Fortnite’s login process to capture usernames and passwords.
- John Leyden
- Weak passwords. One of the biggest mistakes you can make in online gaming security is to use a weak password when creating your gaming account. A short password, especially one that uses common words that could be quickly guessed by a hacker’s software, can be cracked in milliseconds.
- Data breaches. Data breaches and leaks are another password goldmine for hackers. Unfortunately, there’s not much you can do to protect yourself as this depends on the cybersecurity of the company that stores your data.
- Credential stuffing. If you reuse passwords on multiple accounts, you may also be vulnerable to credential stuffing attacks. If your login details have been previously leaked or a hacker breached any other account of yours, they will probably try to reuse the same login details on other platforms.
- Cross-site scripting. Cross-site scripting is another type of attack widely used by hackers to steal your login details. How does it work? Some website servers do not reconfirm authentication every time they exchange information.
Jan 16, 2019 · The attack makes use of a set of vulnerabilities in Fortnite's login process but doesn't steal players' passwords. Instead, it nabs the single sign-on (SSO) token used for authentication, such as ...
- Nicole Kobie
- Overview
- Security tokens strike again
- Get daily insight, inspiration and deals in your inbox
News
By Nick Pino
published 16 January 2019
Researchers discover security token loophole on Epic Games’ website
While most of the gaming world watched Ninja become the biggest name in online gaming while playing Fortnite, the game’s publisher was hard at work closing a security vulnerability that could’ve compromised player’s account information.
The exploit was unveiled today by security researchers at Check Point Software Technologies, which released a video showing how hackers could’ve used security tokens (you know, those things that got Facebook in trouble a few months ago) to get around login pages.
Without diving too deep down the security rabbit hole, the way the exploit worked was that hackers would send a phishing link to an unsecured URL on Epic Games’ website - ironically, a stats page for Unreal Tournament 2004… which was basically the Fortnite of its day minus all the streamers and sweet dance moves.
That page was open to cross-scripting attacks that allowed Check Point to inject some malicious code, redirecting incoming traffic - and any security tokens sent along with it - from the publisher’s servers to Check Point’s.
Once the phishing link was clicked by the victim, the hacker would be able to get a security token which they could then use to login to Fortnite. Once in, if the victim had a credit card on file that could be used to buy in-game items or listen in to their friend’s conversations.
Thankfully, however, there are no reported incidents where hackers used the exploit to steal login tokens to Fortnite. Facebook on the other hand, which just last year had hackers steal security tokens for 30 million of its users, wasn’t so lucky.
According to the researchers, because all the info was routed through an Epic Games website, it's unlikely that anti-phishing software would've caught the bug... so that's comforting.
Thankfully, for now, your account info is safe and sound. That being said, if your friend asks you to check out their stats from a 15-year-old video game, you should err on the safe side and not click the link.
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the TechRadar team.
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors
Jul 8, 2022 · 4) Hacks and cheats. Every player wants to be at top of their game. While some achieve this feat by grinding and putting in hours, others often turn to hacks and cheats. These malpractices have ...
People also ask
How do phishing attacks work in Fortnite?
What happens if you get a phishing link in Fortnite?
How did the Fortnite phishing exploit work?
What if a Fortnite account is hacked?
Did hackers steal Fortnite login tokens?
Did Fortnite have a security flaw?
Jan 16, 2019 · The attacker would have to send the phishing link on the platform the victim logs into Fortnite from -- so if you tied your Epic Games' account to Facebook, the hack would have to go through the ...
