More specifically, the attack relied on security shortcomings in how Fortnite’s login process works with Single Sign-On (SSO) systems developed by Facebook, Google, Xbox, and PlayStation.Įpic Games had written a generic SSO implementation to support all these login providers which, security researchers discovered, was flawed. The attack, which has now been patched, was the result of flaws in Epic Games’ web infrastructure, that collectively made it possible for researchers to manipulate the token-based authentication process used by Fortnite in order to lift gamers’ access credentials. The same security weakness also made it possible to listen into and record players’ in-game chatter and background home conversations, among other exploits. Once stolen, login credentials might be used to buy more V-Bucks – Fortnite’s in-game currency – at a victim’s expense, or access a compromised user’s in-game contacts or other account data. The attack – discovered by security researchers at Check Point – manipulates Fortnite’s login process to capture usernames and passwords. Web back-end vulnerabilities in Fortnite created a mechanism for hackers to intercept and surreptitiously steal gamers’ login credentials. ![]() ![]() Login credentials could have been stolen with ease
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |