Check Point security researchers discovered vulnerabilities in Epic Games' website, which could have been used to hack into someone's Fortnite account. According to CNET, the researchers found the exploit in November 2018, and it was subsequently fixed by Epic this month.

　　"We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not reusing passwords and using strong passwords, and not sharing account information with others," an Epic Games spokesperson said.

　　You need a javascript enabled browser to watch videos.

　　Click To Unmute

　　Thompson: The Pop Culture Icon’s Strange Legacy - Loadout

　　Firearms Expert’s FAVORITE Weapons Of 2023State Of Gaming Handhelds In 2023How Lies of P Cracked the Souls GenreLike a Dragon: Infinite Wealth - Official Ichiban Kasuga Character Spotlight TrailerLike a Dragon: Infinite Wealth - Official Chitose Fujinomiya Character Spotlight TrailerResident Evil 4 Adds Mercenaries and Microtransactions | GameSpot NewsFallout: New Vegas 2 Rumors Explained | GameSpotApril Xbox Game Pass Games Revealed | GameSpot NewsOver 15 Free Games To Claim In April | GameSpot NewsNew Witcher Game Plans Have Changed | GameSpot NewsElden Ring Death Count Revealed | GameSpot News

　　Share

　　LinkEmbed

　　Size:640 × 360480 × 270

　　Start at: End at: Autoplay Loop

　　Want us to remember this setting for all your devices?

　　Sign up or Sign in now!

　　Please use a html5 video capable browser to watch videos.

　　This video has an invalid file format.

　　00:00:00

　　HTML5

　　Auto HD High Low

　　Report a problem

　　Sorry, but you can't access this content!

Please enter your date of birth to view this video

　　By clicking 'enter', you agree to GameSpot's

　　Terms of Use and Privacy Policy

　　enter

　　Now Playing: Fortnite V-Bucks Money Laundering And Account Hacks Suspected - GS News Update

　　Unfortunately, the exploit was not one that could have been avoided via constant password changes. The vulnerability existed through an unsecured URL that was first created in 2004 for an old Unreal Tournament records page. Before the page was deactivated, a hacker could have used it to take advantage of the access tokens a player might use to log into Epic Games' servers, and their Fortnite account as a result as well. The hackers wouldn't even need to know the player's Epic Game's password either, as the exploit takes advantage of any corresponding accounts that the player might use to log in, such as Facebook, Google, or Xbox Live. When completed, the exploit allows someone to listen in on the victim's conversations with other players and also purchase in-game items with the hacked person's credit card.

　　"Even if you [had] a security product looking for anti-phishing, it wouldn't catch [the hack] because it's coming from a legitimate domain," Check Point head of products vulnerability research Oded Vanunu said. Vanunu went on to encourage players to enable two-factor authentication for their Epic accounts. Doing so won't protect you from all forms of hacking attempts, but it will help protect you from people trying to get at your account through access tokens. Epic seemingly agrees, as the company released a free Fortnite emote for players who enable two-factor authentication.

　　"Token hijacking is something that is happening on all major platforms," Vanunu continued. "We are starting to see malicious attackers looking for tokens more."