Researchers at Check Point Software Technologies have revealed details of vulnerabilities that could have affected any player of the hugely popular Fortnite battle royale game.
The vulnerability would have given attackers full access to the user account, their personal information and more worrying their payment card details. Attackers could also listen to in-game chats as well as surrounding sounds and conversations in the victim’s home or wherever they are playing.
The three flaws found in Epic Games’ web infrastructure allowed researchers to steal user credentials, when the users used Facebook, Google and Xbox to sign in to Epic Games.
To fall, victim, a player only needs to click on a crafted phishing link coming from vulnerable Epic Games domains. Two such sub-domains were susceptible to a malicious redirect, allowing legitimate tokens to be intercepted by an attacker.