Single sign-on providers like Google, Facebook and X-Box are built into Fortnite's user login process and Check Point researchers used this to bypass the user login process.
When a user logs in to Fortnite from the Epic Games website, a request is generated for a single sign-on token. This token is returned to the login page and the user is then given access.
The Check Point team found a flaw in login page which is accounts.epicgames.com as the domain had not been validated and could hence be tricked through a malicious redirect. The researchers redirected traffic to another Epic Games sub-domain which is not in use.
The token would then be resent to the sub-domain and the attacker was able to collect it through the injected code.
"For the attack to be successful, all a victim needs to do is click on the malicious phishing link the attacker sends them," the Check Point team wrote.
"To increase the likelihood of a potential victim clicking on this link, for example, it could be sent with an enticement promising free game credits.
"Once clicked, with no need even for the user to enter any login credentials, their Fortnite authentication token would immediately be captured by the attacker."