LandzDown Forum

Software & More => Web News => Topic started by: Antus67 on January 17, 2019, 01:05:47 PM

Title: Fortnite Hacked Via Insecure Single Sign-On
Post by: Antus67 on January 17, 2019, 01:05:47 PM

Author: Tom Spring
January 16, 2019 11:16 am


(https://media.threatpost.com/wp-content/uploads/sites/103/2019/01/16103911/Fortnite_DS.jpg)



Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.

Epic Games patched a bug that could have allowed hackers to break into millions of Fortnite accounts and steal virtual currency or resell virtual goods. The vulnerability is tied to an insecure Fortnite application program interface (API) used by players to log into their accounts using third-party credentials or tokens.

Researchers at Check Point, on Wednesday, said the vulnerability is tied to the way the single-sign-on (SSO) works between PlayStationNetwork, Xbox Live, Nintendo, Facebook and Google and the Epic Games server. An attacker could create a malicious link using a legitimate Epic Games sub-domain to trigger the attack.

Full Article Here:https://threatpost.com/fortnite-hacked-via-insecure-single-sign-on/140913/ (https://threatpost.com/fortnite-hacked-via-insecure-single-sign-on/140913/)