• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2019
  • January
  • 18
  • Fortnite Hack Could Have Compromised Many Gamers Accounts

Fortnite Hack Could Have Compromised Many Gamers Accounts

January 18, 2019January 18, 2019 Comments Off on Fortnite Hack Could Have Compromised Many Gamers Accounts
fortnite accounts hacked fortnite bug fortnite hack fortnite hacked

Fortnite players have just secured their accounts marginally from a major hack. The researchers identified a vulnerability that could have risked millions of accounts. Fortunately, Epic Games patched this Fortnite bug before any wide spread exploit occurred.

Fortnite Bug Allowing Massive Account Hacks

Researchers from Check Point Research have disclosed a vulnerability in their recent report that posed a serious threat to Fortnite players. The reported Fortnite bug could allow an attacker to gain explicit access to millions of accounts.

As specified in their report, they spotted a bug in Epic Games subdomain’s that could permit XSS attacks. A potential attacker could exploit this vulnerability to receive the victim player’s login credentials.

“By discovering a vulnerability found in some of Epic Games’ sub-domains, an XSS attack was permissible with the user merely needing to click on a link sent to them by the attacker. Once clicked, with no need even for them to enter any login credentials, their Fortnite username and password could immediately be captured by the attacker.”

According to the researchers, they found a vulnerable subdomain http://ut2004stats.epicgames.com/. This page supposedly provided game stats. However, the search bar of this page could serve as an “injection point for the XSS vulnerability”.

From this page, they began looking for details and found problems with the single sign-on (SSO) mechanism. As stated,

“It turns out that when a player logs in to his account by clicking on the “Sign In” button, Epic Games generates a URL containing a “redirectedUrl” parameter… This parameter is later used by “accounts.epicgames.com” in order to redirect the player to his account page. However, we soon found that it was possible to manipulate the redirect URL and direct the user to any web page within the “*.epicgames.com” domain.”

At this point, the researchers demonstrated that redirecting the user to a malicious subdomain with XSS payload could allow stealing the victim’s user authentication code. Ultimately, the attacker could gain access to the victim’s Fortnite account.

The researchers have shared a demo video showing how the attack worked:

Epic Games Patched The Flaw

Check Point Research reported about the flaw to Epic Games right after the discovery. Consequently, the developers patched the flaw, thus securing millions of accounts from a potentially devastating hacking campaign.

Popular games like Fortnite are always alluring for criminal hackers. That’s why the players repeatedly witness scams and hacking campaigns. According to Check Point Research,

“Fortnite is the game responsible for almost half of their $5bn-$8bn estimated value.”

Fortunately game developers have proved themselves vigilant enough to fix the bugs at their earliest. Even in August 2018, Epic Games patched a flaw in Fortnite Android app that made it vulnerable to man-in-the-disk (MITD) attacks.

Post navigation

773 Million Credentials of Email & Password leaked in Massive Data Breach – Biggest Data Dump Ever Found in a Decade
Anonymous DDoS Zimbabwe’s Government sites offline

Related Articles

Paris: Versus Market Exploit “is Real”

Paris: Versus Market Exploit “is Real”

- Dark Web News
May 19, 2022
Australian Police Arrest Two Alleged Darkweb Vendors

Australian Police Arrest Two Alleged Darkweb Vendors

- Dark Web News
May 18, 2022
DOJ is Investigating Someone for Evading Sanctions with Crypto

DOJ is Investigating Someone for Evading Sanctions with Crypto

- Dark Web News
May 18, 2022
hacker gadgets
hacker phone covers

Recent Posts

PowerProxy - PowerShell SOCKS Proxy With Reverse Proxy Capabilities

PowerProxy – PowerShell SOCKS Proxy With Reverse Proxy Capabilities

May 19, 2022
Researchers created a PoC exploit for Safari CVE-2022-26717 bug

Researchers created a PoC exploit for Safari CVE-2022-26717 bug

May 19, 2022
logdata-anomaly-miner v2.5.1 releases: parses log data and allows to define analysis pipelines for anomaly detection

logdata-anomaly-miner v2.5.1 releases: parses log data and allows to define analysis pipelines for anomaly detection

May 19, 2022
Paris: Versus Market Exploit “is Real”

Paris: Versus Market Exploit “is Real”

May 19, 2022
Cyph - Cryptographically Secure Messaging And Social Networking Service

Cyph – Cryptographically Secure Messaging And Social Networking Service

May 19, 2022
Australian Police Arrest Two Alleged Darkweb Vendors

Australian Police Arrest Two Alleged Darkweb Vendors

May 18, 2022

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW