- Tech
-
-
Tech
The gadgets, platforms, and software that make your digital life possible. if it bleeps, clicks or blinks, you’ll find it here.
-
Categories
-
-
Latest
- Elon Musk finally hosts PewDiePie’s meme review Friday 6:27 PM
- Report: Facebook collects app data on users’ body weight, menstrual cycles Friday 3:38 PM
- Nobody likes Spotify’s new update Friday 2:34 PM
- Viral graphic shows the moment Apple became the top brand Friday 12:27 PM
- Feds say college student operated drug business through gaming app Thursday 4:36 PM
-
-
-
- Internet Culture
-
-
Internet Culture
There’s a community for everyone online.
-
Categories
-
-
Latest
- ‘Isabelle Facts’ was a wholesome queer meme account—until harassers showed up Today 8:28 AM
- Elon Musk finally hosts PewDiePie’s meme review Friday 6:27 PM
- Viral graphic shows the moment Apple became the top brand Friday 12:27 PM
- This ‘buff bunny vs. small bunny’ meme is here for when you’re feeling inferior Friday 10:53 AM
- Ocasio-Cortez slams trolls who come at her with ‘weak’ memes Friday 10:52 AM
-
-
-
- Streaming
-
-
Streaming
You’ve cut the cord—now what?
-
Categories
-
-
Latest
- How to stream Brandon Rios vs. Humberto Soto for free Today 6:00 AM
- ‘The Haunting of Hill House’ heads to ‘Bly Manor’ for next installment Today 5:45 AM
- How to stream James DeGale vs. Chris Eubank Jr. for free Today 5:30 AM
- How to stream UFC Fight Night 145 in Prague for free Today 5:00 AM
- R. Kelly charged in Chicago with multiple counts of sex abuse Friday 7:51 PM
-
-
-
- IRL
-
-
IRL
Where your off- and online identities collide.
-
Categories
-
-
Latest
- Student assaulted on campus while tabling for right-wing group Friday 1:56 PM
- This elementary school made students play ‘runaway slave’ Friday 11:20 AM
- Feds say college student operated drug business through gaming app Thursday 4:36 PM
- Disturbing Snapchat video shows 17-year-old throwing dog on trampoline Thursday 12:16 PM
- Florida prisons sued for depriving inmates of music they paid for Thursday 11:36 AM
-
-
-
- Social
-
-
Social
If it happens online, it’s here.
-
Categories
-
-
Latest
- Queso recipe gets launched to space Today 10:09 AM
- ‘Isabelle Facts’ was a wholesome queer meme account—until harassers showed up Today 8:28 AM
- 2016 election stories the ‘Newsroom’ reboot will cover Today 6:30 AM
- How to stream Brandon Rios vs. Humberto Soto for free Today 6:00 AM
- ‘The Haunting of Hill House’ heads to ‘Bly Manor’ for next installment Today 5:45 AM
-
-
-
- Bazaar
-
-
Bazaar
The Bazaar specializes in the stuff you don’t actually need…but you really, really want.
-
Categories
-
-
Latest
- Allow your wallet to be your spirit guide during this rad anime sale Tuesday 10:43 AM
- 14 artsy cartoon mugs that’ll help make your days more creative Monday 12:15 PM
- Get your nerd on with ThinkGeek’s Funko Pop B2G1 sale Monday 3:00 AM
- Play all your NES games in high def with the Hyperkin RetroN HD Tuesday 8:39 AM
- The Introvert Activity Book is perfect for those who find solace in alone time Monday 11:30 AM
-
-
-
- More
- Search
See all Editor's Picks →
Represented by Complex Media, Inc. for advertising sales.
Privacy Policy Terms & Conditions Ethics
Latest
- Queso recipe gets launched to space Today 10:09 AM
- ‘Isabelle Facts’ was a wholesome queer meme account—until harassers showed up Today 8:28 AM
- 2016 election stories the ‘Newsroom’ reboot will cover Today 6:30 AM
- How to stream Brandon Rios vs. Humberto Soto for free Today 6:00 AM
- ‘The Haunting of Hill House’ heads to ‘Bly Manor’ for next installment Today 5:45 AM
- How to stream James DeGale vs. Chris Eubank Jr. for free Today 5:30 AM
- How to stream UFC Fight Night 145 in Prague for free Today 5:00 AM
- R. Kelly charged in Chicago with multiple counts of sex abuse Friday 7:51 PM
- Elon Musk finally hosts PewDiePie’s meme review Friday 6:27 PM
- Netflix throws ‘Umbrella Academy’-themed wedding for fans Friday 4:54 PM
- Report: Facebook collects app data on users’ body weight, menstrual cycles Friday 3:38 PM
- Amy Klobuchar reportedly ate salad with a comb, and Twitter’s got questions Friday 2:47 PM
- Nobody likes Spotify’s new update Friday 2:34 PM
- Student assaulted on campus while tabling for right-wing group Friday 1:56 PM
- Kim Kardashian West sues fashion company for using her likeness to sell clothes Friday 1:12 PM
Millions of Fortnite accounts exposed via Epic Games website exploit
Millions of Fortnite players have been exposed to potential security risks thanks to a vulnerability in the massively popular online game.
Researchers from security firm Check Point published a blog discussing their findings after happening upon a website with a particularly worrying vulnerability in the Epic Games’ online ecosystem.
A website meant to track users’ Unreal Tournament 2004 statistics has been removed in the wake of the Check Point investigation, but researchers found worrying exploit potential when digging into its code. This particular site could be used for malicious purposes, including allowing hackers to obtain access to users’ microphones and Fortnite accounts without the need for usernames or passwords by way of capturing authentication tokens.
Check Point Researchers reveal #vulnerabilities that would allow hackers to take over @FortniteGame gamers’ accounts, data and in-game currency. @_CPResearch_: https://t.co/meD1tc90LI #cloud #twofactor #authentication #SSO pic.twitter.com/6FOwHzVpu2
— Check Point Software (@CheckPointSW) January 16, 2019
Authentication tokens would allow anyone looking to wreak some online havoc to use a pilfered Fortnite account as if it were theirs, down to spending with the credit card on file to rack up V-Bucks charges, or even spy on players using the game. There’s a whole wide world of things malevolent users could do with access to the accounts, though fortunately seeing the entire credit card number isn’t an option.
It’s incredibly easy to gain access with this vulnerability in the wild, too, as Check Point noted. Fortnite players have a variety of different ways to log into their accounts via social media, video game profiles on Xbox One, PlayStation 4, Nintendo Switch, and PC, or their Epic Games accounts. Once they log in with their unique token tied to that platform, hackers could simply use the token and the above-mentioned subdomain to transfer access in a redirect from Epic Games to a hacker. It’s not a difficult process for any hackers worth their salt, either.
“If Google sends a token, then it should go to Epic Games, and that’s it,” Oded Vanunu, Check Point’s head of products vulnerability, disclosed to BuzzFeed News. He explained that this exploit could easily be incorporated into a free V-Bucks scam link shared on social media, which could bait even typically savvy Fortnite players.
Epic Games is aware of the issue, and in a statement, a spokesperson told BuzzFeed News that the vulnerability had since been patched. “We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention.”
Unfortunately, Epic Games did not disclose whether or not any accounts were accessed with the vulnerability exposed by Check Point, and if they were, what the severity of the damage was. In any case, this is a good reminder to ensure you protect your accounts on every game and application you use, enable two-factor authentication when possible, and keep a close eye on anything you click on related to the game that doesn’t explicitly come from Epic Games or the official Fortnite social media accounts.
While it’s possible accounts weren’t affected or acted upon, it might be a good idea to go change your Fortnite and Epic Games passwords just in case.

Brittany Vincent
Brittany Vincent has covered gaming, anime, tech, and entertainment for over a decade. When she’s not writing, she’s replaying Um Jammer Lammy or Day of the Tentacle for the hundredth time while pining for a Harvester sequel. Find her on Twitter @MolotovCupcake.