A vulnerability in hugely popular online game Fortnite that could have allowed hackers to take control of a user’s account has been fixed by its developer.
Check Point Research last week revealed details of the issue on the organisation’s blog, outlining “multiple vulnerabilities” that could have “allowed a threat actor to take over the account of any game player”.
This would have allowed the attack to view the user’s personal account information, make purchases of the in-game currency V-bucks, and eavesdrop on other players’ conversations.
While there have been many other attempts to con Fortnite players, the researchers said this was a “far more sophisticated and sinister method”, because it required a player to simply click on a link, rather than actually entering their username and password on a vulnerable site.
The vulnerability was found in Fortnite developer Epic Games’ Single Sign-On Implementation which works with other platforms like Facebook, Google and Xbox Live.
This would have allowed an attacker to send a Fortnite user a link to a vulnerable website. If clicked on, the attacker would then have access to the user’s account.
“Needless to say that along with this massive invasion of privacy, the financial risks and potential for fraud is vast,” the researchers said. “Users could well see huge purchases of in-game currency made on their credit cards with the attacker funneling that virtual currency to be sold for cash in the real world.”
Check Point Research notified Epic Games of the vulnerability in November last year, and the issue was fixed within weeks.
“We were made aware of the vulnerabilities and they were soon addressed,” Epic Games said in a statement. “We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others.”
It’s not the first time that criminals have attempted to use Fortnite’s in-game currency. A recent report by The Independent found that criminals were using the game to launder money through using stolen credit cards to purchase the in-game currency which they would then sell at a discount rate to other users, in turn “cleaning” their money.
Fortnite is a hugely popular online game in Australia and around the world, and has been downloaded more than 125 million times.
Last year, addiction to the game was cited in about 200 divorce proceedings in the UK, equating to about 5 percent of all divorces, according to Divorce Online.