Researchers at a cybersecurity firm Check Point have revealed that a bug could have affected as many as 200 million Fortnite players. The firm says the bug existed since sometime in 2018.
The firm notified Epic Games (the company behind Fortnite) in November 2018 and the problem was fixed in a few weeks time. The bug could have let attackers access player accounts when they clicked on a link sent to them.
The problem was due to the way Epic Games uses login requests, said the cybersecurity company. Because of the bug, if a user clicked on a malicious link, their access token could be stolen. A hacker could then use the token to access a Fortnite account without a password.
Check Point in its report further explained that such vulnerability could have allowed helped a bad actor purchase V-bucks, the in-game currency for Fortnite. Such access could have also allowed someone to eavesdrop and record a players’ in-game chatter.
In a statement, Epic Games said: “We encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others.” The company further thanked Check Point for finding the bug.