Epic Games, the maker of the popular “Fortnite” video game, said last Wednesday that the game’s login system contained a unique flaw that allowed hackers to impersonate real gamers and purchase in-game currency using gamers’ credit cards, according to The Washington Post.
Security researchers told The Post that the hackers then transferred the purchases from the hacked accounts into their own personal accounts.
Be aware: It’s unclear how many gamers were hacked because of the bug.
- “Fortnite” has about 80 million gamers worldwide, leaving almost everyone vulnerable to the hack.
Statement: “We encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others,” Epic said in a statement, according to The Post.
- Epic Games issued a statement to Forbes, too:
- “We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point (Research) for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others.”
The hack: Check Point Research, an information security group, explained in its own report that the bug allowed hackers to identify when a player logged into the game through a third party, like Xbox Live.
Players who clicked a phishing link would then become vulnerable to the hack.
Bigger picture: Security expert Ian Trump, the head of cybersecurity at AmTrust International, told Forbes that Epic Games doesn’t come off well after this hack.
- “Blizzard and other gaming companies have been dealing with this type of threat for years,” he said.
- He added, “An industry which makes billions needs to share threat information through an information sharing and analysis center (ISAC) mechanism.”
- He said he hopes Epic Games will “start sharing threat intel to show you care about your fans and customers … .”