A “well known” hacking technique has been used on some Fortnite accounts resulting in hundreds of dollars of fraudulent in-game purchases.
“We are aware of instances where users’ accounts have been compromised using well-known hacking techniques and are working to resolve these issues directly with those players affected. Any players who believe their account has been compromised should reach out to our player support immediately,” said Epic in a statement to Kotaku.
Epic are now issuing refunds to any players who may have been compromised and urge people to turn on the two step authentication procedure they have recently added. However, if this was such a “well known” technique then the question is why weren’t Fortnite players protected from it?
You can contact Epic player support here.
Starman
Epic have been warning users about fake sites offering free in game currency, so it’s probably that. Also not much they can do when users are entering their details on said sites.
MrYd
Yes, it does sound like it’s some sort of phishing thing, although is that really hacking? Possibly some of those dodgy sites you mention are installing nasty stuff to get the info that way?
Either way, it doesn’t sound much like Epic’s fault. And they deserve some credit for sorting it out and issuing refunds. (Although, that may well be in their interest anyway. A load of disputed charges isn’t great for them)
Don’t go to dodgy websites pretending to offer free stuff, and turn on two factor authentication wherever it’s available. It’s potentially worse if that option is available and you don’t turn it on than it is if it’s not available. If someone gets in to your account and turns it on themselves, it’ll be even harder to sort out.
Mr.Gorha
I had an email saying I’d been locked out of my account for multiple failed logins.
I can only assume the well known technique is “Try ‘password’ for the password”.
My account is safe, they didn’t get in.
Mr.Gorha
Just for clarity, obviously I’ve not used phishing sites, downloaded fortnite directly through PSN and like all well aged PSN users I don’t keep any card details on my account.
MrYd
Sounds like they’ve at least got some security there then, if it locks you out after multiple failures.
I’d guess either someone was using passwords that have leaked from somewhere else and hoping you’ve reused one (which is obviously not a good thing to do), or some sort of dictionary attack. Which gets foiled by the multiple login thing. Unless your password is “aardvark” or something.