Israeli cyber experts reveal Fortnite flaw threatening millions of gamers

The vulnerabilities, if exploited, would have enabled full access to a user's account and their personal information, including purchasing in-game currency using their payment card details.

January 16, 2019 13:02

Twenty-seven-year-old Christian Acevedo plays the video game 'Fortnite Battle Royale' from his home in Brooklyn, New York, U.S., on April 21, 2018. Acevedo says if he doesn't have to work the next day, he often stays up all night to play the popular game. (photo credit: JILLIAN KITCHENER/REUTERS)

 

Vulnerabilities potentially granting hackers access to personal information belonging to nearly 80 million players of popular online video game Fortnite were unveiled by researchers at leading Israeli cybersecurity company Check Point Software Technologies on Wednesday.

First released in 2017 by American video game developers Epic Games, Fortnite is a free-to-play battle game available on a range of platforms and consoles.

The vulnerabilities, if exploited, would have enabled full access to a user’s account and their personal information, including purchasing in-game currency using their payment card details, as well as listening to in-game chatter and surrounding sounds and conversations within the user’s home or playing location.

“Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy,” said Oded Vanunu, head of products vulnerability research for Check Point.

We see “how susceptible cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of the huge amounts of sensitive customer data they hold. Enforcing two-factor authentication could mitigate this account takeover vulnerability.”

Researchers discovered multiple vulnerabilities in Epic Games’ online infrastructure, which enable hackers to exploit Fortnite’s user login process.


Researchers were able to demonstrate how the token-based authentication process, used in conjunction with Single Sign-On (SSO) systems such as Facebook, Google and Xbox, could be used to steal the user's access credentials and take over their account. To fall victim, users needed only to click on a crafted phishing link fraudulently coming from an Epic Games domain.

Once clicked, the user’s Fortnite username and password could be immediately captured by the attacker without the user entering any login credentials.

Check Point notified Epic Games of the vulnerability, which has since been fixed, but warned users to always remain vigilant when exchanging information digitally and to question the legitimacy of links to information seen on user forums and websites.

Previous scams targeting Fortnite gamers have primarily focused on deceiving users into clicking on offers for “free” in-game currency and then requesting their Fortnite login details and other personal information.

Over a one-month period from early September to early October 2018, Maryland-based cybersecurity company ZeroFOX identified over 50,000 examples of Fortnite scams across social media and digital platforms.
