Through a series of vulnerabilities in the technology of the Fortnite game, an attacker could have been able to gain control of user accounts on the platform, per research from Check Point. Researchers from the IT security firm told Epic Games about the bugs in November, when the developer reportedly repaired the flaws, Wired reported.
In order to take advantage of the bugs in the company’s single sign-on (SSO) setup, bad actors would make and spread a nefarious link through a forum or a message on a social media platform. Players of Fortnite who use the link, then, would make their authentication token known to hackers, who would be able to see users’ personal data and access their gameplay conversations – or even make purchases within the game.
Check Point Head of Products Vulnerability Research Oded Vanunu said, according to the report, “Today’s cybercriminals and malicious actors want access to users’ accounts, because once you’re in, you can start moving around in the cloud. So account takeovers are an emerging attack vector.”
As previously reported, the first version of Fortnite, “Save the World,” had players work together to fight off zombies by building structures. It never quite caught on, but the game’s “Battle Royale” iteration hit the web in September of 2017 and spent most of last year going viral. In the game, 99 players are brought into a virtual battleground to collect weapons and fight to the death (digitally) until one player is left standing.
There are an estimated 200 million Fortnite players worldwide, as of a report earlier this month. The game can be played on consoles, PCs and on iOS and Android smartphones. Giant Bomb Editor-In-Chief Jeff Gerstmann noted that the game is accessible: “It’s available everywhere. Almost anyone can play it on a phone, anywhere they can play games. By virtue of it [being] all over the place and free to play and a very popular type of game in terms of Battle Royale stuff, it’s kind of a perfect storm. It really all came together for them in a big way.”