The creators of the massively popular online game Fortnite have acknowledged a security flaw that may have put players' accounts at risk.
Check Point Research said Wednesday they discovered a bug that would allow hackers to obtain users' login username and password if they clicked on a phishing link; the user would not need to enter any information at this link for their account to be taken over by the hacker, they say. The group blames this on a "vulnerability found in some of Epic Games' sub-domains."
Epic Games, the company behind Fortnite, says that the security bug has been fixed, though it did not disclose how many users were affected. "We thank Check Point for bringing this to our attention," the company said, per Fortune.
Since Fortnite thrives off in-game currency, once a hacker had logged in to a victim's account, they would be able to make purchases using the person's credit card information, The Washington Post notes. Check Point Research also points out that hackers could have been able to listen into private chats by impersonating the user they hacked, although Epic Games clarified to The Verge that the hackers wouldn't be able to eavesdrop on the person whose account they'd taken over.