A security bug recently allowed hackers to access Fortnite accounts after sending out links to users of the game. When Fortnite players clicked on the link, the hackers were able to use their accounts to purchase V-bucks. They would then gift these V-bucks to another account. This hack also permitted the attacker to impersonate the affected user by talking on their friends list.
The vulnerability originated from the single-sign-on (SSO) where users can sign into google to access their Epic Games accounts. The corrupted SSO lead to a redirected URL, which the hackers exploited to send victims to a fake page. When users entered their information again, the hackers were then able to retrieve their passwords and accounts for the game. Fortnite is a hot game to target for hackers, especially with so many young players.