As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others.”Ĭheck Point says that enabling two-factor authentication could prevent this vulnerability from being used against someone. We thank Check Point for bringing this to our attention.
“We just wanted to assure that the awareness would be there and put things on paper.”Īn Epic Games spokesperson told CyberScoop: “We were made aware of the vulnerabilities and they were soon addressed. “It might be this flaw, it might be another flaw,” Vanunu said, in reference to these account takeover reports. However, Vanunu noted that there have been reports of account takeovers with “Fortnite” players insisting that they never clicked on malicious links or got phished.
FORTNITE LOGIN FREE
“It means that I can exploit the user by putting legitimate links from Epic Games on every social media, on every phone, on every blog and say ‘Hey, this is free V-Bucks,’” Oded Vanunu, Check Point’s head of products vulnerability research, told CyberScoop.Ĭheck Point says Epic Games resolved the flaw and there’s no direct evidence that this particular flaw was exploited outside of Check Point’s proof-of-concept.
FORTNITE LOGIN PASSWORD
If the victim is already logged in to Epic Games on that device, the attackers can siphon the token that keeps the account logged in, whether the user uses a traditional username and password login or single sign-on process (using Facebook, Google+, Facebook, PlayStation, Xbox or Nintendo account).īecause the attack uses a URL ending in “,” victims might not realize the link is spam. In a technical report, researchers describe how they were able to take control of these domains and use them to direct visitors’ traffic to another domain. Researchers said they found two old sub-domains belonging to Epic Games containing vulnerabilities that allowed for a malicious redirect attack. This type of access could have allowed hackers to see victims’ personal information, listen to their in-game voice chat and purchase V-Bucks - the game’s virtual currency - with other players’ accounts, Check Point said.
The bug only required that the targets visit a malicious link, where their login tokens could be leaked to the attackers.
The exploit involves phishing, but victims don’t need to be tricked into handing over credentials for it to work, the report shows. Epic Games, best known for the mega-popular video game “Fortnite,” fixed a vulnerability in its web infrastructure that hackers could have abused to access user accounts, as evidenced by a report from cybersecurity firm Check Point published Wednesday.
0 kommentar(er)
