Security experts at Check Point Research discovered several cybersecurity flaws in the popular online battle game Fortnite. One of the flaws is an OAuth account takeover vulnerability that could allow a remote attacker to take over gamer accounts by tricking players into clicking a specially crafted link.
Using three vulnerabilities found in Epic Games’ web infrastructure, researchers were able to demonstrate how the token-based authentication process used in conjunction with Single Sign-On (SSO) systems at Facebook, Google+, Xbox Live and Sony PlayStation Network could be abused to steal the user’s access credentials and take over their account.
Once the token has been obtained, the attacker could access personal information, buy in-game currency at the user’s expense, and eavesdrop on and record players’ in-game chatter and background home conversations.
One way to minimize the threat of falling victim to such an attack is to use two-factor authentication.
Check Point published a demo video of the attack.