'Fortnite' Hack Could Have Accessed Accounts, V-Buck Purchases & Chat Audio

Fortnite boasts more than 200 million active players, and a recent exploit found by Check Point Software Technologies could have put all of them at risk. The vulnerability, first discovered in November and patched by developers at Epic Games, could have been devastating. If leveraged, it would give third-parties full access to user account details, payment information and even in-game chat audio.

In its analysis, Check Point discovered three flaws in Epic's domains that could have been manipulated for nefarious purposes. If leveraged, all a player would have to do is click on a specially crafted phishing link to instantly expose the data. Unlike the countless V-Buck scams that target users by masking phishing links as fake login pages, this one would not have required any sort of password entry.

"Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy," said Oded Vanunu, head of products vulnerability research for Check Point in a press release. "Together with the vulnerabilities we recently found in the platforms used by drone manufacturer DJI, show how susceptible cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of the huge amounts of sensitive customer data they hold. Enforcing two-factor authentication could mitigate this account takeover vulnerability."

Fortnite 2fa security flaw
Enable two-factor authentication to ensure your 'Fortnite' account is secure. Epic Games

In a response to Newsweek, an Epic Games representative espoused the team's commitment to security. "We were made aware of the vulnerabilities and they were soon addressed," the spokesperson said. "We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others." Sources further added that claims of access to in-game chat audio may be untrue.

The Fortnite developer has been extremely proactive about user account security since the game skyrocketed to popularity in late 2017. Just as these security experts espouse the benefits of two-factor authentication, Epic has repeatedly done the same. Back in August, Epic started offering a free Boogie Down emote to all players who enable 2FA on their accounts. The promotion is still active and frequently displays on screen after Fortnite is launched.

To reiterate, this hack is not a current risk to Fortnite players. It was discovered this fall and patched shortly thereafter. But the news serves as a reminder to fans to stay away from any links that appear too good to be true. If you see something that offers a large purse of V-Bucks, free skins or free access to a Battle Pass, it's best left untouched. Two-factor authentication is also advised (and who doesn't want another emote?).

Fortnite is available now on PS4, Xbox One, Switch, PC and mobile.

What are your thoughts on this latest Fortnite hack? What tips do you have to avoid V-Buck scams? Tell us in the comments section!