Author Topic: Fortnite Hacked Via Insecure Single Sign-On  (Read 760 times)

0 Members and 1 Guest are viewing this topic.

Offline Antus67

  • Full Member
  • ***
  • Posts: 94
    • View Profile
Fortnite Hacked Via Insecure Single Sign-On
« on: January 17, 2019, 01:05:47 PM »

Author: Tom Spring
January 16, 2019 11:16 am

Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.

Epic Games patched a bug that could have allowed hackers to break into millions of Fortnite accounts and steal virtual currency or resell virtual goods. The vulnerability is tied to an insecure Fortnite application program interface (API) used by players to log into their accounts using third-party credentials or tokens.

Researchers at Check Point, on Wednesday, said the vulnerability is tied to the way the single-sign-on (SSO) works between PlayStationNetwork, Xbox Live, Nintendo, Facebook and Google and the Epic Games server. An attacker could create a malicious link using a legitimate Epic Games sub-domain to trigger the attack.

Full Article Here: