Players who love to indulge in online battle should heed caution when playing Fortnite, according to researchers at Check Point who have disclosed vulnerabilities that could give a malicious actor access to a user’s account and their V-Bucks.
In addition to gaining full access to a user’s account, an attacker who exploited the vulnerability – which has now been fixed – could have eavesdropped on a player’s in-game conversations, potentially also picking up any sounds in the background where the game was being played, researchers said.
According to today’s press release, an attacker could have stolen login credentials by exploiting three flaws found in the web infrastructure of Epic Games, specifically in compromised sub-domains through which the malicious actor could intercept authentication tokens.
The attack, which reportedly could be executed in a single click, would grant an attacker the ability to purchase virtual in-game currency using the victim’s payment card details and then be sold for real money outside the game.
“Researchers were able to demonstrate the token-based authentication process used in conjunction with Single Sign-On (SSO) systems such as Facebook, Google and Xbox” and reported the vulnerability to Epic Games, the press release stated.
No tags.
