Epic Games, best known for the mega-popular video game “Fortnite,” fixed a vulnerability in its web infrastructure that hackers could have abused to access user accounts, as evidenced by a report from cybersecurity firm Check Point published Wednesday. The exploit involves phishing, but victims don’t need to be tricked into handing over credentials for it to work, the report shows. The bug only required that the targets visit a malicious link, where their login tokens could be leaked to the attackers. This type of access could have allowed hackers to see victims’ personal information, listen to their in-game voice chat and purchase V-Bucks — the game’s virtual currency — with other players’ accounts, Check Point said. Researchers said they found two old sub-domains belonging to Epic Games containing vulnerabilities that allowed for a malicious redirect attack. In a technical report, researchers describe how they were able to take control of these domains and use them to […]
The post Epic Games login tokens were susceptible to theft, research shows appeared first on CyberScoop.
Continue reading Epic Games login tokens were susceptible to theft, research shows→