Search KoopaTV!


Thursday, January 17, 2019

Your Fortnite Account's Credit Cards Could've Been Hacked

By LUDWIG VON KOOPA - The could've would turn into would've if the method fell into the wrong gloves.

Being a hipster—and I'm not saying I'm a hipster, since I have legitimate grievances against Fortnite—has advantages. We know that hackers target gamers for a variety of reasons, covered here. Hackers want to get the highest return on investment for their time, so they want to go after online games with large userbases that involve e-commerce or micro-transactions. Bonus points if that userbase consists of idiots, children, or idiotic children. There isn't a game that fits all of those criteria right now better than Fortnite, which is pretty much the most popular game on every platform it's on, which is basically anything modern that can play games.

There are probably tons of scammers out there trying to target unsuspecting Fortnite players and extort value from them. I don't encounter these since I'm suspecting and not a Fortnite player, but it's out there. Something about whatever a V-buck is and the desire to obtain more of them is just that captivating. As a result, millions and millions of people have provided Epic Games their (or their parents’) credit card details, stored for easy use.

I've written about the dangers of storing your credit cards with any game provider infrastructure, and that's one of my biggest issues with Nintendo Switch Online right now

And this is exactly why. Check Point Research, a cyber threat intelligence outfit, documented how they were able to—through sophisticated means that could take advantage of a better-than-unsuspecting Fortnite player—hack accounts (and their credit card spending ability, as well as impersonating the victim in voice chats with their friends) through weaknesses in Epic Games's cybersecurity infrastructure. It's not even true phishing since the user isn't putting in their log-in information!

Epic Games single sign on Fortnite account PlayStation Xbox Nintendo Facebook Google
Through single sign-on, they could get you via any major platform, Facebook, or Google.
It doesn't appear that the Nintendo Switch's lack of an Internet browser would save you.

It's scary stuff if you go and read it. Fortunately, Check Point Research doesn't appear to be a group of scumbags, so they told Epic Games and they apparently fixed the vulnerability.

I'm not going to say that Fortnite is bad because the developers haven't fixed every security threat that could exist around the game. This isn't even Fortnite-specific. My understanding is that anything from Epic Games could have potentially fallen victim to this. And when you have thousands and thousands of old web pages for old projects that you're keeping around, yeah, some might not have the latest web standards.

Good thing KoopaTV doesn't store information about you. Or have accounts, for that matter.

One positive thing that would've happened if these hacks were being done by real malicious people is that if someone is currently using your account on Fortnite, you can't go and play it too. One at a time. So Fortnite players would have to play or do something else, which is almost assuredly a better experience anyway.

And if they decided to go to KoopaTV and do anything, then it'd be a guaranteed better experience. Heck, even our still-glitched-in-user-interface-because-Ludwig-has-not-done-anything-about-it KoopaTV-published videogames would be superior fun to Fortnite.

The lesson here isn't that you should visit KoopaTV for entertainment (though if that's what you got from this, then you're ahead of the curve), but to not click suspicious hyperlinks. Suspicious includes anything with a shortened url. You can use a url unshortener to see where you're really going. You also shouldn't indefinitely store payment information on a platform. Even if you don't want to re-input it every time you make a purchase. Maybe you shouldn't be spending money so often anyway.

Despite the fact that Ludwig said he wasn't holding this vulnerability against Fortnite, the only reason he wrote this article was to write something negative about Fortnite. By the way, you can't even give money to KoopaTV, but KoopaTV gives money to you. On a regular basis. It's called the KoopaTV Loyalty Rewards Program. Read up on it. You'll like it.


  1. I avoid storing my credit card information whenever possible. It can be tedious to have to enter everything every time, but it's safer.


We embrace your comments.
Expect a reply between 1 minute to 24 hours from your comment. We advise you to receive an e-mail notification for when we do reply.
Also, see our Disclaimers.

Spamming is bad, so don't spam. Spam includes random advertisements and obviously being a robot. Our vendor may subject you to CAPTCHAs.

If you comment on an article that is older than 60 days, you will have to wait for a staffer to approve your comment. It will get approved and replied to, don't worry. Unless you're a spambot.