Hackers Can Log Into Fortnite Accounts Because of an Epic Games Flaw.

Epicgames.com login-According to a statement released by Check Point, the company discovered various vulnerabilities in Epic Games’ online network that might allow hackers to access any Fortnite account.

Once hooked in, attackers could then steal credit card information, purchase V-Bucks, and even listen in on real-time discussions between players, according to the developers.

What’s the worst part? The player was not even required to submit any login information, such as a username or password, to make use of this attack.

Due to vulnerabilities discovered on the company’s sub-domains, hackers were able to carry out an XSS attack by deceiving the user into clicking on a malicious link on the website.

Hackers might acquire access to user accounts by redirecting traffic from Epic Games’ login page at “accounts.epicgames.com” to another page on the same domain. They could then use the login tokens stolen from users to take control of their accounts.

Login tokens are cryptographic keys that allow Fortnite users to sign in to other services such as the PlayStation Network and Facebook using their Fortnite account credentials.

Because the attack makes use of a URL that ends in epicgames.com, victims were unaware that the link they were clicking on was harmful.

What was the procedure?

After clicking on the malicious link, unknowing victims would be directed to an Epic Games sub-domain, where the attacker would be able to view the player’s account and password.

Following their arrival on that page, hackers may utilize the Single Sing-On token to resend it to a page on an old Epic Games sub-domain that displayed unreal tournament statistics grouped by map and ID.

This indicates that the exploit was successful even if the victim used a third-party login, such as Google+, Facebook, PlayStation, Nintendo, or Microsoft Account to access the website.

As a proof-of-concept, the security research firm took use of the bugs to grab login tokens from other Fortnite players and log into their accounts.

Check Point then notified Epic Games of the security problems, which resulted in the page being taken down and a remedy being implemented to protect the information of their users.

The former statistics page was vulnerable to two types of attacks: SQL Injection and Cross-Site Scripting (XSS).


Check Point prepared a video illustrating the issues that were discovered during the login process after detecting and reporting the vulnerabilities to Epic Games, among other things.

Vulnerability in the Fortnite Login Video

There is no evidence that attackers used these weaknesses to attempt account takeovers as a result of these vulnerabilities.

Some gamers, on the other hand, have stated that they have lost control of their Epic Games accounts without ever having clicked on any links.


Comments are closed.