top of page

Cybersecurity and Online Gaming

Fortnite is an excessively popular video game manufactured by Epic Games. This is played online with other players. There are more than 80M users across the world. In this game, as with many others, the goal is to stay alive and survive.


While the game is widely played, there should have been a thorough security testing for this. It appears this was not the case, as a security flaw provided a vulnerability for the Fortnite users. This allowed the users to be recorded during play without their knowledge and access to other sensitive data. The issue was discovered by CheckPoint in November 2018.


The attackers appear to have leveraged an insecure webpage created in 2004, created by Epic Games. They sent phishing emails to Fortnite users using this old website. The phishing emails indeed did appear to be from Epic. The attackers made it very easy for the users, in that all the targets had to do is click a link. This would allow the attackers access to the user’s accounts. This did not require the user to login. This was done through the tried and true XSS attack.


When exploited, this vulnerability allowed the attackers to:

a) Take over the Fortnite accounts,

b) Make unauthorized purchases with the user’s game virtual currency,

c) Eavesdrop on player’s chat, and record the player’s chat.

This may have also exposed the user’s credit card data and other personal information. Due to this, complaints were filed with the Better Business Bureau. The users alleged Epic Games did not protect the user’s data.


Epic Games took down the 2004 website which caused these issues. The company also recommended the players not reuse passwords, use strong passwords, and not share account information with others, or basic security recommendations.

Lessons Learned

Our environment is not static. This changes all too often. We need to monitor this frequently to check for issues and updates. The company needs to know its web apps and endpoints, and scan these periodically.


Knoop, J. (2019, January 17). Epic patches fortnite security hack that may have exposed more than 200 million players’ accounts. Retrieved from

Oliver, M. (2019, January 18) Fortnite security flaw exposed 80 million players to hacking risk. Retrieved from

Silverstein, J. (2019, January 19). Fortnite security flaw exposed millions of users to being hacked. Retrieved from

Tribune Media Wire. (2019, January 18). Fortnite security flaw exposed 80 million accounts. Retrieved from

WGNWeb Desk. (2019, January 16). Fortnite security flaw exposed 80 million accounts. Retrieved from

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Featured Posts
Check back soon
Once posts are published, you’ll see them here.
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page