– We have no proof that it's been exploited, but we have information that the users have been hacked, " says Oded Vanunu, security expert at Check Point, the company that discovered the vulnerability.
In a press release, write the Check Point to these deficiencies in Fortnite made it possible for hackers to eavesdrop on conversations and ambient sounds in the player's home. Moreover, these deficiencies have given hackers access to the player's personal data.
" We started to look at this in the last year (2018) then there was information that the people have had their accounts hacked. Once we started watching it, we found the security flaws, " says Oded Vanunu.
they found three flaws in the Epic Games web infrastructure. According to Oded Vanunu so could hackers via a so-called phishing-link access användarkontons signature (account, token) and get full access to the account. Which means that the hackers have been able to buy currency in the game with the help of the victim's credit card information.
" People didn't have to enter their information or something, all that was required was that they clicked on the link.
" It all looks like it happened a while ago when everyone was forced to log in again on Facebook. Because everything is available on cloud storage, there are also plug-ins to other accounts.
affected, or if someone is actually being intercepted is unclear.
According to Oded Vanunu, announced to the shortcomings of the game developing company behind Fortnite, Epic Games, in november. At the end of december the company said that the bug was fixed. It confirms also for the TT.
”We drew attention on the vulnerabilities and fixed soon. We want to thank Check Point for that they informed us about this,” writes Nick Chester, a spokesperson for Epic Games, in an email to the TT.
and the Check Point encourages players to be vigilant when exchanging information digitally. To have secure passwords and not use the same password multiple times. Check Point also recommends users to enable two-factor authentication to further protect their accounts.
– this kind of stuff is what we see increasingly, trying to access an account's signature. To snatch the accounts, it is new, " says Oded Vanunu.