Fortnite has patched a flaw in its user login process that could have enabled hackers to gain access to user accounts.
Fortnite had a vulnerability that could have enabled hackers to gain access to a user’s account and spend money with the user’s payment card details on the title’s in-game currency, V-Bucks. The flaw was discovered in Fortnite’s user login process, along with three vulnerabilities in Epic Games’ web infrastructure that could enable a hacker to send players a crafted phishing link from an Epic Games domain. Once a user clicked the link, their Fortnite authentication token could be captured without them entering any login credentials. This serious flaw seems to have originated in two of Epic Games’ sub-domains, which could be used to maliciously redirect a user’s legitimate authentication token so that an attacker could snatch it from the vulnerable sub-domain. Epic Games fixed the issue after being notified by Check Point Research.
Check Point’s media release states that the flaw would have also allowed a hacker to listen in on in-game conversations and conversations around the player in real life. However, in a statement to The Verge, Check Point said that listening in does not mean eavesdropping on the hacked player, but that the hacker could present themselves as the victim and talk to the player’s friends. With the three flaws found in Epic Games’ web infrastructure, researchers would have been able to “demonstrate the token-based authentication process used in conjunction with Single Sign-On (SSO) systems such as Facebook, Google and Xbox to steal the user’s access credentials and take over their account.”
Oded Vanunu, Head of products vulnerability research for Check Point, says, “Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy. Together with the vulnerabilities we recently found in the platforms used by drone manufacturer DJI, show how susceptible cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of the huge amounts of sensitive customer data they hold. Enforcing two-factor authentication could mitigate this account takeover vulnerability.”