Hackers most recently found a security flaw that gave them the ability to control gamers' accounts, make in-game purchases and even enter in-game chats as the hacked player or listen to the hacked player's conversations, according to an Israeli software firm.
Check Point Software Technologies found the vulnerability in the tremendously popular game, the company said in a blog post Wednesday.
"Fortnite" developer Epic Games was notified of the vulnerabilities, and "they were soon addressed," a spokesperson told Variety, a weekly magazine about entertainment.
The flaws were found "in the last few weeks," according to the blog post. Variety reported that the security gaps were discovered in November. It's not clear why accounts of when the flaw was found differ.
One essential ingredient to the would-be hack were third-party single-sign-on (SSO) providers like Google, XBox or Facebook that allow players to login with their username and password from one of the SSOs. After confirming one's details with the SSO, an SSO token is created and logs the user in.
Whereas previous scams directed gamers to fake websites claiming to create "Fortnite's" in-game currency, V Bucks, and required them to enter personal information like credit card details, the technique discovered by Check Point "did not require users to hand over any login details whatsoever," the cybersecurity firm said.
Check Point learned how to hack "Fortnite" by noticing a flaw on login page accounts.epicgames.com. The page was not "validated" and was "susceptible to a malicious redirect," the report notes. The security researchers then redirected traffic from