With Fortnite reportedly making billions just in 2018, it's basically the biggest game that civilization has come up with since the invention of checkers. And if you're a student of history, you know that a gold rush can attract some unsavory people who want a cut of the action -- and they aren't particularly concerned with legality or ethics.
As such, Fortnite's security systems have been relentlessly poked and prodded by both the malicious and the benevolent, which brings us to a recent report from Check Point Research, who says that the login page on the Fortnite website has security weaknesses that can be used to intercept someone's password and username.
The main concern with unauthorized access to your account is that a person could view your personal info, including your email address, full name, payment info and your username on other devices where Fortnite is available. Fortnite players can also optionally add their mobile phone number, street address and the name of the company they work for.
Meanwhile, the BBC reported last month that selling stolen Fortnite accounts has become a cottage industry in its own right, with teens in the UK making thousands of dollars a week, as part of a coordinated effort that spans the globe.
When your account is stolen, your password is changed, preventing you from logging in.
The thief will also change the email address associated with the Fortnite account, so that a password reset email will never reach you. They may also add two-factor authentication to the account, so that you can't even guess a password. Once this process is complete, it can be difficult to prove that you are the rightful owner.
What you can do to protect yourself against this flaw
FOLLOW Download.com on Twitter for all the latest app news.
Fortunately, you can force this interception method to deal with two-factor authentication (2FA). With app-based 2FA, such as what you use with Google Authenticator (download for iOS or Android), the free app generates a new six-digit code every 30 seconds, which must match up with a code that's being generated on Fortnite's side at the same time. You enter this code after entering your password and username.
Epic Games, the maker of Fortnite, enabled app-based authentication last year, and we can walk you through the process, which should only take a few minutes and is free of charge.
Since only Fortnite and your app have access to this code, and the code is necessary to complete your login, anyone without it can't get in, even if they've acquired your user name and password.
- Check Point Research reported a flaw on the login page of Fortnite's website that they say could be used intercept your account name and password.
- However, you can deflect this attack by enabling app-based two-factor authentication now on your Epic Games account.
- Fortnite's 'Creative Mode' will let you build your own island worlds
- Epic Games Store offers Super Meat Boy for PC as first freebie of 2019
- Epic Games Store to sell The Division 2 -- and not Steam
- Fortnite dominates gaming industry after making $2.4B in 2018, says analyst (CNET)
- Fortnite is being used by criminals to launder cash through V-Bucks (ZDNet)
- Five skills you need to become a video game tester (TechRepublic)