Epic Games’ Single Sign-On implementation leads to a redirect URL whenever a player signs in using Facebook, Google, PlayStation Network, Xbox Live or Nintendo Switch Online. Hackers can exploit the redirect URL and gleam login details from a victim. From that point, all the hacker needs to do is to convince a victim to click on a suspicious link. And since only one login is allowed at a time, this means that the original account owners are locked out for as long as the hackers hang on to the compromised account. Hackers can then use the hacked accounts to buy V-Bucks, and then gift it to their own accounts or resell them elsewhere. In a statement to The Verge, Epic Games said that it was made aware of the vulnerabilities, and that it had addressed the issue. “We thanks Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not reusing passwords and using strong passwords, and not sharing account information with others.” (Source: Check Point Research via The Verge)
