A glitch in the explosively popular video game Fortnite let hackers access millions of players accounts including sensitive credit card information and eavesdrop on private chats.
Fortnite’s creator Epic Games acknowledged the massive security breach on Wednesday saying the bug was fixed.
The defect was discovered by cybersecurity firm Check Point Software technologies in November who then reported it to Epic Games.
‘We were made aware of the vulnerabilities and they were soon addressed,’ an Epic Games spokesperson said to Variety.
Popular video game Fortnite suffered a glitch in its system that allowed hackers to access personal accounts and credit card information
‘We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others,’ he added.
The glitch in the game’s log-in system allowed hackers to pose as regular players and purchase the game’s currency using credit cards saved to users accounts.
Hackers were able to access user accounts without using any log-in information.
Attackers were able to steal the pieces of code that identify players when they log into a game using a third-party account like Facebook or Xbox Live, according to the Washington Post.
Players were also exposed if they clicked on scam phishing links that are designed to look like it’s issued by Epic Games and allow attackers to capture their authentication tokens which are associated which each user account.
The defect was discovered by cybersecurity firm Check Point Software technologies in November who then reported it to Fortnite creator Epic Games. The video game creator acknowledged the bug on Wednesday and said the glitch was fixed
Then hackers used those tokens to enter personal accounts thanks to flaws in two of Epic Games’ sub-domains.
Once in, hackers could purchase weapons and accessories in the game and drop in on conversations and access contact lists.
The fault put the video games 80million monthly players a risk. The game has 200million users with registered accounts.
Epic Games declined to comment on how many users may have been targeted by the hack.
‘The chain of the vulnerabilities within the log-in flow provide[d] the hacker the ability to take full control of the account. Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy,’ Oded Vanunu, Check Point’s head of products vulnerability research, said in a statement.