Fortnite’s 200 million players were revealed to be at risk following the discovery of a major flaw in the game’s account security.
A report by Check Point Research found a serious bug in the popular battle royale game that let hackers easily access user accounts.
According to the report, the hacker would be able to buy in-game currency and transfer it to separate accounts. It also said attackers would have been able to access personal information and even listen and record player conversations.
Check Point included a video with the report, showing step-by-step how a hacker could take advantage of the error.
The problem stemmed from an issue with how the game handled logging in with multiple systems, such as Xbox Live, Playstation Network and Nintendo Online. Attackers could create a link that would be emailed to the player, giving the username and password of an account to the hacker just by clicking on it and obtaining an access token.
The issue was quickly taken care of by Epic Games, Fortnite’s creator, soon after its discovery. However, the game studio would not say if any players had been affected by the bug and disputed some of the claims by Check Point.
“Epic Games takes these issues seriously, as chargebacks and fraud put our players and our business at risk,” an Epic Games spokesperson told The Hollywood Reporter. “As always, we encourage players to protect their accounts by turning on two-factor authentication, not re-using passwords and using strong passwords, and not sharing account information with others.”
This isn’t the first time the game’s young audience has been targeted. Check Point’s report detailed previous attacks, where scam artists would prod players to willingly provide account information in exchange for an opportunity to generate free V-Bucks.
The research company noted the severity of the bug was much more devious due to the ability to swipe information without asking for usernames and passwords.