One of the world’s most popular massively multiplayer and free online games has recently been patched, and that’s a good thing, but it shows just how targeted online games could be.
For a while there, one of the world’s biggest online games could have given hackers access to a player’s credit card, and even switch on their microphone at home to listen to what was going on.
Epic Games’ online-only runaway smash hit “Fortnite” has been in the news for various reasons, but if a recent vulnerability had been exploited before patched, it would have been in the news again, and for all the wrong reasons.
A recent security flaw discovered by security organisation Check Point found an issue with Epic’s web infrastructure, using its authentication process to steal user access and take over an account simply via a dodgy phishing link.
We’ve all seen these dodgy emailed links before, and while scammers almost always have a tell in how poorly crafted emails appear, the emails are getting better, and this one would look even more authentic coming from Epic Games’ domain. With that one click, the authentication could be secured by a scammer, and the account would be compromised.
Fortunately, it won’t happen, at least not from this security flaw, as Check Point’s researchers have told Epic of the flaw, and it has been subsequently fixed.
“Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy,” said Check Point’s Oded Vanunu.
While Fortnite’s flaw is now a thing of the past, this attack vector highlights just how far scammers and attackers are willing to go to find a way in to steal information.
Fortnite is a massively multiplayer online game, and while parts of the title can be played free, it’s a big moneymaker for Epic, now competing with other entertainment services including those made for movies and TV services.
In this instance, the security risk wasn’t with the user, either, making Epic’s issue even more important, as it needed to be remedied immediately before exploited. However as we become increasingly dependent on online apps and games, storing access to credit cards on these services, security remains one of the most important issues, and while the onus of security is primarily on the provider, it’s also necessary for the user to make sure they’re doing their best to not fall into these traps as well.
In Fortnite’s case, that might have proven difficult with a dodgy link going out from a real domain, but it’s always best to check the email address of the email being sent, and if you don’t know what it is, don’t click on a link. Not everything online is trying to help you.
