over 200 million fortnite players who spend hours fighting for survival in the computer generated world. Now, researchers from security company Check Point are saying those millions of players could have had their account information accessed thanks to a vulnerability in Epic Games’ domain.
Check Point researchers say they discovered a susceptible website hosted on Epic Games’ domain—which has since been taken down—that could be used to capture users’ authentication tokens. These tokens would allow hackers to log into Fortnite accounts without the need for a user name and password giving bad actors access to live audio while users played the game, access to user information and the last four digits of saved credit cards.
Fortnite accounts are highly valued, especially if the account has amassed a large amount of accessories, which are earned or purchased through the game. Oftentimes, you can find a Fortnite account being sold through online marketplaces like eBay and Craigslist—sometimes for thousands of dollars. This gives hackers incentive to go after the free-to-play online game’s users, many of who are teens and children.
Check Point told BuzzFeed News that they hoped the news of the vulnerability would spark conversations at home between parents and children about cybersecurity and online fraud.
“Fortnite is not a game,” Check Point’s head of products vulnerability Oded Vanunu said. “It is an infrastructure, a platform, where you buy things, communicate with friends, joke with people online, and [where] most of the players are kids fortnite v bucks generator. That’s why we are happy to help Epic Games fix this, and Mae sure that consumers understand what is happening.”