Search results
Jan 17, 2019 · And phishing scams can be stopped by simply avoiding the email and going straight to the source to be sure you’re working with the real deal. In the case of this particular scheme, you should be able to check your account status on the Fortnite website and determine the legitimacy of the request from there. Use a strong, unique password. If ...
Jan 16, 2019 · To fall victim to this attack, a player needed only to click on a crafted phishing link — one typically designed to look like it was coming from an Epic Games domain. IE 11 is not supported.
Jan 16, 2019 · The attack – discovered by security researchers at Check Point – manipulates Fortnite’s login process to capture usernames and passwords. Once stolen, login credentials might be used to buy more V-Bucks – Fortnite’s in-game currency – at a victim’s expense, or access a compromised user’s in-game contacts or other account data.
- John Leyden
- Overview
- Security tokens strike again
- Get daily insight, inspiration and deals in your inbox
News
By Nick Pino
published 16 January 2019
Researchers discover security token loophole on Epic Games’ website
While most of the gaming world watched Ninja become the biggest name in online gaming while playing Fortnite, the game’s publisher was hard at work closing a security vulnerability that could’ve compromised player’s account information.
The exploit was unveiled today by security researchers at Check Point Software Technologies, which released a video showing how hackers could’ve used security tokens (you know, those things that got Facebook in trouble a few months ago) to get around login pages.
Without diving too deep down the security rabbit hole, the way the exploit worked was that hackers would send a phishing link to an unsecured URL on Epic Games’ website - ironically, a stats page for Unreal Tournament 2004… which was basically the Fortnite of its day minus all the streamers and sweet dance moves.
That page was open to cross-scripting attacks that allowed Check Point to inject some malicious code, redirecting incoming traffic - and any security tokens sent along with it - from the publisher’s servers to Check Point’s.
Once the phishing link was clicked by the victim, the hacker would be able to get a security token which they could then use to login to Fortnite. Once in, if the victim had a credit card on file that could be used to buy in-game items or listen in to their friend’s conversations.
Thankfully, however, there are no reported incidents where hackers used the exploit to steal login tokens to Fortnite. Facebook on the other hand, which just last year had hackers steal security tokens for 30 million of its users, wasn’t so lucky.
According to the researchers, because all the info was routed through an Epic Games website, it's unlikely that anti-phishing software would've caught the bug... so that's comforting.
Thankfully, for now, your account info is safe and sound. That being said, if your friend asks you to check out their stats from a 15-year-old video game, you should err on the safe side and not click the link.
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the TechRadar team.
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors
Jan 16, 2019 · The attack makes use of a set of vulnerabilities in Fortnite's login process but doesn't steal players' passwords. Instead, it nabs the single sign-on (SSO) token used for authentication, such as ...
- Nicole Kobie
Phishing is still the most widely used cyber attack vector, and criminal attack campaigns often use spoofed websites to deceive your users so they simply allow the bad guys to take over your network. Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it’s a top priority that you monitor for potentially harmful domains that can spoof your domain.
People also ask
How do phishing attacks work in Fortnite?
How did the Fortnite phishing exploit work?
What happens if you get a phishing link in Fortnite?
What happens if a Fortnite account is hacked?
Is Fortnite a doppelgänger phishing site?
Why was Fortnite hacked?
Fortnite, for those still unaware, is a gaming phenomenon — drawing, according to Epic Games, 78.3 million players in August of 2018 alone. That's a lot of potentially hacked accounts. That's a ...
