Epic Vulnerability In Popular Game Fortnite May Allow Account Access

Do you play Epic Games Inc.’s Fortnite? Do your kids? As of June last year, it was estimated that somewhere around 125 million people were playing it and it was on a path to generate over $2 billion for the company. Because of this popularity, it is a target for hackers who can take advantage of you, and even worse—your kids.

Researchers at the security company Check Point Technologies, Ltd. reported that a vulnerability in the way players authenticate, or sign into the game, could have allowed attackers to gain access to a user’s account. With that access, the hacker could purchase the virtual currency used in the game, use it to buy game equipment, and then resell it.

How does one accomplish this feat? Phishing, of course. A link is sent to a player and if it’s clicked, the hacker has account access. So not only does this exploit the person with the payment card information in the account, but it takes advantage of the fact that children also play this game en masse and may be easier targets.

Remind children of the clues for identifying phishing. In this day and age, so many things are attached to the Internet, including dolls, learning toys, and of course these game consoles. Many children now even have their own internet connected smart phones and tablets. If they aren’t cybersecurity savvy, it could mean a game over for parents and guardians!

These clues can help:

- If they receive a link that they did not ask for or are not expecting, even if it’s from one of their gaming friends, it should never be clicked. They should consult a knowledgeable adult first.

- If you need to verify any information they receive in a message, you should ask the sender by using a new email message and never a reply, by sending a text, or placing a phone call.

- Consider playing games with kids to get to know their gaming friends. Unfortunately, there have been instances where they think they’re chatting with a fellow 12-year-old when in fact, it’s an adult trying to take advantage.

- Don’t store payment card information in game console accounts. If you must, be sure to use a multifactor (MFA) or 2-factor (2FA) authentication option. This will help to prevent unauthorized purchases in the games.

Epic Games did fix the problem, but they cannot be sure it wasn’t exploited already. They recommend that users don’t reuse passwords among accounts and be sure to use strong passwords that includes upper and lowercase letters, numbers, and special characters. That is sound advice.

If you haven’t heard of Fortnite, it’s pretty popular. It even got a mention in the hit TV show “The Big Bang Theory.” It revolves around a last “man” standing battle where participants fight for weapons and other resources to help them in their quest. It’s free to play and can be played on game consoles and mobile devices.

Stickley on Security
Published January 21, 2019