Fortnite Accounts Hacked, Epic Issuing Refunds, What's Exposed And How To Secure It

Fortnite is an incredibly popular multiplayer sandbox survival game, which also means that it has a big red target painted on its back due to its huge install base. Fortnite's vulnerability to attacks has become more visible in recent weeks as players began discovering that their accounts had been compromised.

Apparently, hackers have found a way to infiltrate Epic Games accounts and rack of hundreds of dollars (or more) in purchases using an attached credit card through PayPal. Luckily for some of the Fornite victims, that have been able to obtain direct assistance from Epic Games.

"Have to give Epic some credit. Someone logged in to my account and bought the Ultimate upgrade (had PayPal tied to my account) and then took the two standard edition keys," wrote redditor NetJnkie. "Filed a report and got the notice that I'll get a refund this morning."

Some users weren't so lucky, however. "My account was also hacked about 4 days ago, and I didn't even get a single response from Epic or Fortnite," write RottenRazer. "The Hackers spent $110, used all my codes and selected all my in-game founder items. I emailed them 3 times via their help site saying my account was compromised and for a refund, tweeted them, and called their HQ. Still no response from them either."

fortnite 2

As you can tell from the response to NetJnkie, Epic Games is well aware of the problem. In fact, the company got in contact with Kotaku, writing, "We are aware of instances where users’ accounts have been compromised using well-known hacking techniques and are working to resolve these issues directly with those players affected. Any players who believe their account has been compromised should reach out to our player support immediately.”

It would appear that at least some of the victims -- or at least those that have publicly come forward -- allege that they have were using the same passwords across multiple internet accounts. As anyone knows these days, that's a recipe for disaster, as compromising one account can lead to a cascading effect that leaves other, unrelated accounts vulnerable to hacking. It's also possible that Fortnite players were "pwned" by basic phishing attacks.

fortnite 3

However, there are some steps that you can take to protect your Fortnite account from hackers. First and foremost, Epic Games posted an Account Security Bulletin earlier this month with a number of "best practices" that you can use to beef up your defenses.

Enable Two-Factor Authentication

Epic Games recently added this protection, which you can access from Account Settings --> Password & Security --> Enable Two-Factor Sign In. When you enter your password, Epic Games will send you a unique code that you will have to input to login. "You will be prompted for the two-factor sign in code the first time you login after enabling the feature if you use a new device, clear browser cookies, or it’s been over 30 days since you last signed in."

Don't Use Shared Passwords

This one should be a no-brainer. While reusing passwords may be convenient, they are a big liability as we mentioned earlier.

Use a Unique Password

Create a password that is hard to crack, and one that doesn't use personally identifiable information or common phrases. This might make the password harder to remember, but you can always resort to a password manager to do the heavy lifting.

Other Odds And Ends

Epic Games suggest that you not share accounts with friends or family members and that you keep your antivirus software and operating system up-to-date. The developer also warns that there's "No such thing as a free V-Buck", so don't be enticed by scams that are making the rounds. Those sites are just looking to steal your credentials so that they can rob you blind.

Epic Games is also doing things on its side to help protect Fornite players. "At Epic, we’ve been working hard to try to hunt down password dumps in order to proactively reset passwords for player accounts when we believe they are leaked online," writes the developer. "While this approach involves a lot of manual work on our side, we believe that it prevents a significant amount of fraud."