Fortnite is all of a sudden facing all sorts of problems in the press. On Wednesday, the company was forced to respond to accusations that its V-Bucks platform, which is used to buy in-game upgrades and items, is being used by cybercriminals to launder money. But it’s another headline that grabbed our attention today—one that posits the game’s 200 million-plus registered users’ accounts exposed to hacking.
According to an NBC News report, hackers used an elaborate phishing scam to dupe players into clicking a link that opened them up to the hacking. First discovered by cybersecurity firm Check Point Software Technologies back in November, the scheme took advantage of a security flaw in a couple of Epic Games’ (the studio that runs Fortnite) subdomains that were susceptible to a malicious redirect, giving hackers the ability to swipe a user’s legitimate authentication tokens—i.e. their login information.
Check Point said that it immediately alerted Epic Games to the flaw, and the studio confirmed to NBC News that it fixed the security hole earlier his month.