A new security dash on this epic games login process has been discovered. Something that could result in hijacking accounts and user information for players of, for example, Fortnite.
The Security Company Check Point has recently discovered a security hole in the login process at the Epic Games website. Epic Games is the studio behind the immensely popular Fortnite that today has over 80,000,000 registered players in total among the platforms available for the game.
How it would go
The security dash main concerns users who claim in Epic Games using a third-party website such as Facebook or Google+. Typically, the game studio login server would send a token to the user's Facebook or Google account, which will then be returned as identification.
Check Point researchers are able to find a weakness in the infrastructure of account.epicgames.com which made the site open for redirection. This led the researchers to redirect traffic to a subdomain that also had security holes in it and from there capture the identification sent back from EG. Facebook or Google+. After the ticker was snapped up by the researchers, it could be used to log in to other players' accounts.
According to Check Point, it should only have required the victims to provide a simple phishing link that will push it to the exposed subdomain. The victims should not have access to any full login details, but their logon can have been captured directly by the perpetrators.
After this simple hijacking is done, perpetrators must have access to information from victims and account information. Possible perpetrators should also be able to debug not only voice conversations that occurred in the game, but also listen to sounds that the user & # 39; s microphone picked up at any time.
Not only was privacy affected, this attack was implemented, perpetrators would also have the opportunity to use the accounts of the victim to buy digital currency in the game. Something that could lead to massive financial losses for the victim.
Epic games fast on the ball
However, Check Point reminds that Epic Games has managed to address the security problem before it is released. However, like the security firm and the game developer recommends, users use two-step authentication. This means that if a logs attempt is made on an account of a previously unknown device, the attempt should be approved by a security code that sends an email to the user's e-mail address.
Low price on Prisjakt.se