The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Fortnite cheats

Fortnite Flaws Allowed Hackers to Takeover Gamers' Accounts

Fortnite Flaws Allowed Hackers to Takeover Gamers' Accounts

January 16, 2019Swati Khandelwal
Check Point researchers have discovered multiple security vulnerabilities in Fortnite, a massively popular online battle game, one of which could have allowed remote attackers to completely takeover player accounts just by tricking users into clicking an unsuspectable link. The reported Fortnite flaws include a SQL injection, cross-site scripting (XSS) bug, a web application firewall bypass issue, and most importantly an OAuth account takeover vulnerability. Full account takeover could be a nightmare, especially for players of such a hugely popular online game that has been played by 80 million users worldwide, and when a good Fortnite account has been sold on eBay for over $50,000. The Fortnite game lets its players log in to their accounts using third-party Single Sign-On (SSO) providers, such as Facebook, Google, Xbox, and PlayStation accounts. According to the researchers, the combination of cross-site scripting (XSS) flaw and a malicious redirect issue on the Epic Games&
Beware! Fortnite Cheat Hijacks Gamers’ PCs to Intercept HTTPS Traffic

Beware! Fortnite Cheat Hijacks Gamers' PCs to Intercept HTTPS Traffic

July 04, 2018Swati Khandelwal
If you are looking for Fortnite v-bucks generator, aimbot or any other game cheats—then beware—you might end up installing malware on your PC! Web-based game-streaming platform Rainway is reporting that tens of thousands of Fortnite players have inadvertently infected their systems with a piece of malware that hijacks their encrypted HTTPS web sessions to inject fraudulent ads into every website they visit. According to a blog published by Rainway CEO Andrew Sampson, the company began receiving hundreds of thousands of error reports from its server logs last week, and after investigating, the team found that the systems of their users were attempting to connect with various ad platforms. Since Rainway system only allows whitelisted domains to load content, all ads-related requests got rejected, resulting in triggering an error every time the users' systems try to connect with a third-party server. It turns out that the malicious adware attacking Rainway users had one t
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.