Check Point security recently found multiple vulnerabilities on Epic Games’ website that could have potentially been manipulated to hack Fortnite players’ account. As stated by CNET, the exploit was found previously in November 2018, and eventually, it was patched up by Epic sometime this month.

3488032 Fortnite Playground Lg

Multiple efforts had been made before the fix, Epic Game advised players to change their passwords multiple times and not using their old ones, also not to share their accounts data with others in order to protect their accounts.

Fortnite Account Security

However, the problem is one of those that could not be avoided by changing players’ password regularly. The problem lies in an unsecured website that was initially created in 2004 as a records page for an old Unreal Tournament. Before it was deactivated, however, hackers might have exploited it to steal players’ Epic Games login tokens, and thus, their Fortnite passwords as well. Moreover, hackers might not need to know players’ Epic Game password either, since the exploit use any equivalent accounts that players might use to access the page, from Xbox Live, Facebook, or Google and whatsoever. When the hacking is done, the hackers could listen to the victim’s chat with others and might even do in-game purchases by using the victim’s credit card.

Bob Combatshot Var2 0

According to Check Point head of products vulnerability research – Oded Vanunu – the hackers couldn’t be caught even the players had any security products looking for anti-phishing, this is due to the fact that these products came from a legal domain. It is encouraged by Vanunu that players should have two-factor authentication enabled on their Epic Game accounts. By doing so, your accounts won’t be hacked from the aforementioned method, however, not all patterns of hacking attempts. Currently, Epic is now releasing a free emote called “Boogie Down” if players have enabled two-factor authentication on their accounts.

Vanunu stated that token hijacking has been presently happening on all major platforms, and hijackers are currently looking for tokens more.