Blog

Cyber-crime Cybersecurity Data Breach

FORTNITE: the game that left its million users at cyber risk

Online gaming brings individuals from all corners of the earth for gaming reasons, but Fortnite changed all this by a hacking experience. This popular online game made headlines for the wrong reasons. With 250 million gamers, it was a matter of time before something went wrong. What does it mean when we log into our video game servers in terms of personal data privacy? Challenges encountered when playing an online video game with a million-plus users.

During the data breach in November 2018, Fortnite boasted of 250 million players. With such a database, it couldn’t be a surprise for IT security firm Check Point to wait for a data breach that they later discovered as a code that allows hackers to manipulate user accounts.

The dangers of having another user, having control of your Fortnite account.
Fortnite single signing in service brings players to multiple websites instantly without logging in multiple credentials.

This signing in process is a way Fortnite outsources its effort and technology to verify its account users. The game’s login options include Google, Facebook, PlayStation, Nintendo, and Xbox accounts. This means that if there is an error in the login in process, all these accounts linked to Fortnite and Epic Games get compromised.

Fortnite data breach combined two flaws
The redirecting process during login in — during this process, legitimate Epic gamers get a token. The URLs token is the one that gets tampered with. This token authenticates their player identity. Cybercriminals take control of this token and duplicate another one for the legitimate account holder. All the hackers do is to employ the use of a URL shoretener to make their duplicate link have an official look. Then they share it across the Fortnite platforms and its affiliate social media sites.
These links when logged-into, their token straight away, get vulnerable. After the success of this process, a hacker can access all debit and credit cards that purchased this online game.

The other concept is a modern spin that entails getting a Fortnite account holder to click on a link based on the belief that they may benefit in one way or the other. This idea is not distant from lottery scams that victimize thousands of web users annually. The implications Fortnite users have to endure

Although Fortnite developers got rid of these flaws, the discovery of this data breach has a long-term effect on the future of online privacy, as personal data is already on the wrong hands. This situation came in as a perfect storm. It’s because it exposes the average Fortnite user venerable to clicking malicious links without a second thought.

This hack makes us think of some tough questions concerning simultaneously signing up across multiple websites using one password. This Fortnite data breach comes as a reminder to parents not to engage in signing up for multiple online services affiliated to one service using a single password. It does not mean that one online platform is impervious to the other, but if you think on the lines that Facebook was a victim to such an act, it would be wise to take the precautions.