The vulnerability, which Epic Games confirms it has fixed, is part of its website rather than the game client itself. Like many hacks, it begins with getting the target to click on a malicious link. The attacker’s site doesn’t have to deposit any malware on the system, though. All it has to do is copy the Fortnite login token.
With the login token, it’s a simple matter to launch Fortnite with the victim’s profile. The server sees the hacker’s computer as the same session that was open when the victim clicked on the malicious link. The hacker essentially is you on Fortnite, which gives them a great deal of control.
With access to a Fortnite account, the attacker can spend lavishly on virtual currency to drain your bank account. They can also play the game as you, but that would only cause you grief if they were particularly bad at the game or misbehaved in order to get you banned. Since Fortnite thinks the attacker is you, they also would have access to your voice chat content. That includes the ability to listen in on conversations you’re having via the fortnite v bucks generator
This is not the first time Epic had an embarrassing lapse in security. Shortly after it launched its Android build outside the Play Store, Google noted that the Fortnite installer app could be tricked into loading malware instead of the game. The developer has fixed the hole that allowed extraction of the login token. It also points out all gamers should