If you have tweens or teens, you are probably aware of the popular game Fortnite. Though it might say that it’s free, playing Fortnite can actually be quite expensive, and it could put player’s accounts at risk due to a security flaw.
A bug was recently discovered that allows hackers to obtain the login credentials of Fortnite users if they clicked on a link in a fake email. The company responsible for Fortnite, Epic Games, has acknowledged the bug but won’t say how many people were affected.
Not only could a hacker access a user’s Fortnite account, they could make in-game purchases using the person’s credit card, which is connected to the account. Hackers could also listen in to private chats!
How it Happens
You might wonder how players would actually click on these fake email links. Well, it happens all of the time. In this case, the users clicked on a link that took them to a site that promised to give them “V-Bucks,” which are the in-game currency for Fortnite. Once the players enter their information in, sometimes even asking for credit card information, the hackers have all they need.
Most games like this have an in-game currency, and Fortnite is no exception. Players can buy things like outfits for their players, better weapons, and even bonus items. So, even kids who don’t have their own credit cards will often sweet talk their parents into giving their credit cards, and once that info is in the game, you can use it whenever you want to make purchases.
Fortnite for Money Laundering
Hackers also known as “carders,” who specialize in stealing and selling stolen credit card numbers, are using Fortnite as a bank. They are using stolen credit card numbers to make V-Buck purchases and selling them to other players at a discount. When playing Fortnite in Battle Royale mode and earning “Photons” (a new form of cryptocurrency), it seems the hackers can set up a crypto wallet connected to their account to withdraw the stolen funds.
Protecting Your Card
If you have given your kids permission to use your credit card for Fortnite, you are not alone, but you should take steps to protect it.
The first thing you should do is set up a passcode, one that your kids can’t guess. This means they cannot buy anything in the game unless you approve it. You will have to do this on the gaming console you use. Xbox, for instance, allows you to set a code for the following actions:
- Signing in when the console is turned on
- Updating device settings
- Making a purchase
Microsoft also advises its users against putting a credit card into the Xbox account of any child or other family member who you don’t want making any in-game purchases. This way, you can keep your family safe, and keep your money safe.
Beware of Phishing
Make sure your kid isn’t providing email addresses (theirs or yours) to anyone on Fortnite. If they do, there’s a strong possibility they might provide it to a criminal phisher. Once this happens, tricky phishing emails that look like they are coming from Fortnite designed to steal passwords are likely to hit your inbox.
Set up Two-Factor Authentication
Any and every account that is considered “critical,” which means it contains personal or sensitive information, should have two-step or two-factor authentication.
Fortnite provides this, and parents MUST enable it. Go to Logins, and open account settings at your username in the top right corner. Then, select password security. At the bottom, click on “two-factor” sign in.