Epic Games has had a breach in its security giving outside attackers access to millions of accounts’ private date used in the popular shooter Fortnite, per a January 2019 report.
Epic Games has a tremendous following with a sizable portion of their players tending to fill a younger demographic that might not be too aware of proper cyber security, making the attack possibly more devastating.
In an email from Experian sent to many of its users, the company warned them to update possibly vulnerable and outdated security information for services owned by Epic Games.
Say NO to scams!— Fortnite (@FortniteGame) May 25, 2018
Beware of scam sites offering free or discounted V-Bucks. The only official websites for Fortnite are https://t.co/8CxczhrZwk and https://t.co/zxorPaoiJb.
For more information of Account Security: https://t.co/oF57QdfDLH pic.twitter.com/5oTKougmuq
The hack gave the attackers the ability to log into breached accounts, in turn giving them access to stored credit card information attached to those accounts.
“[Epic Games] just announced a security flaw that’s exposed [Fortnite] player information. A bug in Fortnite’s log-in system could have allowed hackers to impersonate players and charge in-game currency to their stored credit cards. Hackers could’ve then moved those purchases to their other accounts,” the Experian reports said.
The original research into the hack came from Check Point Research, who had privately notified Epic Games of an exploit that could affect numerous users.
Attackers found a way to use a piece of code from a user’s login credential obtained if a player clicked onto a phishing site that exposed them to the vulnerability.
Epic Games have advised their user base to take measures against this in the past, but the research group believe that the attacks could have been going on since 2018.