Fortnite Has Breach That Allows Hackers To Take Over Players' Accounts

Researchers at Check Point Research discovered a security breach in Fortnite at the end of last year. There were users who lost their accounts to hackers after clicking a suspicious link sent to them, which looks like a login page for Fortnite but it was actually used to steal the accounts. Epic Game received a report of this security issue and fixed it after a couple of weeks. Nevertheless, before that users faced the risk of losing their accounts.

Epic Games stated to The Verge:

CPR provided a very detailed explanation of how the hackers stole players' accounts on their blog. Epic Game's weakness lies in their Single Sign-On system, where users can use their Facebook, Google +, Xbox Live,... accounts to log in.  The hacker then sends a phishing link to the user, if the user clicks on the link, they will be redirected to a phishing link, which looks like Epic Game's legit website but it is actually used to steal the player's username and password.

What makes the matter even worse is that the users don't even know that their login credentials were stolen because they didn't have to input their usernames and passwords. After the accounts are stolen, the attackers can use it to launder money by buying the in-game money V-bucks, transfer it to their accounts and selling it at a lower price on the dark web. They can also commit fraud by pretending to be the victim and talk to the victim's friends.

Since Epic Games makes billions of dollars from Fortnite's in-game purchases, stealing the users' accounts to commit fraud seems to be very profitable.

Although this breach has been patched, there are still many hackers who are targeting Fortnite, therefore, this serves as a warning that players should set strong passwords, frequently change passwords, keep their login credential a secret, carefully check the log-in websites to make sure they are legit, and most importantly, to never click on suspicious links sent by strangers.