Sign in / up

back to article Epic's Fortnite fail: Ancient UT2004 server used for login-stealing proof-of-concept

Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games URL to phish their marks. Infosec biz Check Point discovered the XSS vuln, which, when combined with a login redirect attack, had the …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    "Epic has patched the vulns, according to Check Point, which disclosed them to the game publisher before going public."

    The fact that it was patched so quickly shows the incident handling works well. Sadly, why wasn't this old server picked earlier?

    4 2 Reply
    1. iron
      Reply Icon

      How quickly? The article contains no indication when the bug was first reported to epic, it could have been over a year ago. All we know is it has now been patched.

      9 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    That explains something...

    Back in April last year, I started getting lots of "Epic Games - Help Protect Your Account" e-mails saying my account had "been locked" due to multiple invalid login attempts.

    The e-mails appear to be genuine, but I never did anything about them as it was just a throwaway account to download an SDK. This would appear to be very old news.

    2 0 Reply
    1. Lyle Dietz
      Reply Icon

      Re: That explains something...

      I got something similar, saying there were lots of failed attempts to log into my account, and my account could get locked. It also asked me to turn on 2FA. I ignored them because I wasn't too worried about that account, and the password is unique.

      Now I'm curious, and I'll have to check the link that was sent to me in the email to see if it was a phising attempt.

      0 0 Reply
    2. MrMerrymaker
      Reply Icon

      Re: That explains something...

      Same. They were not phishing links either. They included the IP address of who, what was making the attempts and when.

      0 0 Reply
    3. steviebuk Silver badge
      Reply Icon

      Re: That explains something...

      Probably not old news as in now only gone public.

      0 0 Reply
  3. adam payne

    Older readers will remember the classic Unreal Tournament line of PC-based first-person shoot-em-ups.

    I still play them now. I am however a little miffed that Epic has shelved the new version of UT to concentrate on Fortnite.

    1 0 Reply
    1. Graham 2
      Reply Icon

      Somehow I doubt that UT is making money hand over fist in the same way that Fortnite is.

      2 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      >I still play them now.

      So do I but UT99 only with Nali Weapons 3, great mod and made UT99 interesting again.

      0 0 Reply
    3. jaffa99
      Reply Icon

      Agreed, I like the new UT, I'm too old for Fortnite.

      When I lived in the US (not that long ago) my colleagues didn't even know what a fortnight (the corrrect spelling) was.

      0 0 Reply
  4. Captain Scarlet
    Stop

    upper-bracket millennials

    I'm a what now!

    I'm so annoyed I am tempted to reinstall UT2004 and redownload some classic UT2004 mods from FilePlanet!

    2 0 Reply
    1. rmason
      Reply Icon

      Re: upper-bracket millennials

      Yeah I fall in that bracket too.

      People use the word "millennial" to mean "teenager" or "young person".

      I'm 37 this year. I'm a millennial.

      3 0 Reply
      1. phuzz Silver badge
        Reply Icon

        Re: upper-bracket millennials

        I'll be 39 this year, I think that still makes me a millennial.

        In fact, after talking to friends around my age, we came up with a more specific qualification rather than just age.

        If you're from the UK, and you had to pay fees at university, then you're a millennial. (Fees came in to force in July 1998 fyi).

        If you're older than that then you had a fundamentally different time at uni (you probably even got a grant), and if you're younger then you probably left uni with five figures of debt (3 x £9k).

        But of course we can't afford houses because we're all eating avocado on toast right?

        1 0 Reply
        1. Nick Ryan Silver badge
          Reply Icon

          Re: upper-bracket millennials

          Try being in the crossover period when students were being lied to about the loans not being, and never going to, replace student grants.

          They were touted as a "top up" to allow a student to live between terms during which the grant was meant to provide all the money that a student needed. Except for the slight hitch that due to the disparity between grants and hall fees many a student would have been left with £10 a term for everything else (not at all Uni's of course).

          What type of sour dough artisan toast are you having today? :)

          0 0 Reply
        2. Jack 12
          Reply Icon

          Re: upper-bracket millennials

          There was a cross-over period where you didn't receive any grants, but fees were capped at ~£1k per year and loans at something like 3x that, so you didn't necessarily have five figure debts on leaving. This may or may not be the same cross-over period Nick refers to.

          0 0 Reply
          1. phuzz Silver badge
            Reply Icon

            Re: upper-bracket millennials

            That was when I graduated, I 'only' owed SLC about £9k.

            Of course, by the time I was earning enough to actually pay that off, it was up to £11,000...

            0 0 Reply
        3. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: upper-bracket millennials

          Look at you and your fancy degrees.

          0 0 Reply
    2. adam payne
      Reply Icon

      Re: upper-bracket millennials

      ChaosUT mod

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like