A swathe of Fortnite players’ accounts were left vulnerable to cyber criminals after a security vulnerability was discovered.
Details of the vulnerability was published by security company Check Point on Wednesday.
No ad to show here.
“By discovering a vulnerability found in some of Epic Games’ sub-domains, an XSS attack was permissible with the user merely needing to click on a link sent to them by the attacker,” Check Point writes in its report.
“Once clicked, with no need even for them to enter any login credentials, their Fortnite username and password could immediately be captured the attacker.”
This would allow those now in control of the account to purchase V-Bucks — Fortnite’s in game currency that can be purchased via credit cards — view their personal account info, and “eavesdrop on and record players’ in-game chatter and background home conversations”.
Check Point noted that Epic Games has since patched the issues.
Feature image: Epic Games
