Epic Games, the maker of the Fortnite game, has silently removed a vulnerability from its infrastructure, allowing hackers to access users' accounts with incredible ease.
The vulnerability was identified by security researchers Israeli company Check Point, which reported the issue privately to Epic Games last year.
"We reported the vulnerability in early November, and by the end of November it had been fixed," said Oded Vanunu, a Check Point researcher at ZDNet.
The vulnerability was actually a combination of many bugs in different parts of the company's infrastructure and some were unrelated to Fortnite.
Watch the video:
For a successful attack, users would have to click on a malicious link to Epic Games. Of course, the vulnerability broke the children, who as users with less experience could not identify the dangerous parameters contained in the link.
"It was not an advanced attack at all, and it was very simple to execute in the background," Vanunu said. "Stealing connection tokens is one of the most common ways to attack."
Of course Fortnite accounts are all at stake. As of June 2018, it has been reported that over nine million accounts of this particular game have been breached by hackers.
Why this game? First because it is popular.
Fortnite V-Bucks coin, on the other hand, is known to be used to launder (real) money by cybercriminals. And it's not just cyber criminals chasing V-Bucks. Teenagers get into the process of hacking accounts, stealing from each other.
In many cases, hackers do not mind Fortnite accounts, as all they want is player money.