A lot of games these days are based around online functionality, and in the case of a widely popular game like , it means that there is a possibility of having your account hacked just because the game is such a huge target. Well, some accounts in the game could have become compromised through a 15-year-old webpage.
CNET has a rather troubling story about an old webpage from back in 2004, which had a security flaw. The security vulnerability was spotted by Check Point back in December, where it was discovered that nefarious-minded individuals could use the ancient website to access accounts.
Yes, the old website allowed hackers to access accounts; and not just disabled or old accounts, but presently active accounts that have been playing and purchasing things from the Epic Games Store cash shop. Worse yet is that the account access reportedly allowed hackers to listen in on voice chat conversations, and even go so far as to access the credit card information of users and purchase things from the shop.
That’s kind of a scary vulnerability to let hackers have access to. GameStop ran into a similar problem a while back when its customer account information was compromised and some payment data was accessed by hackers.
In this case, the issue was fixed and the security hole through the website was plugged in January. It’s interesting that a website for the old first-person shooter versions of the game that were out back on the OG Xbox and PC from more than 15 years ago would pose a threat for players in today’s generation of gaming, several generations later.
This isn’t the first time that Epic Games has encountered a security flaw with though. Back in the summer of 2018 there was another security flaw discovered by Google after Epic refused to put on the Google Play Store to avoid having to pay the 30% distribution fee for Android phones. That business decision did, sort of, come back to bite Epic in the butt, as a standard certification check would have spotted a security flaw in the Android app,
Things didn’t quite work out as well for Epic as far as public relations were concerned for the flaw, because instead of privately going over the flaw with Epic Games, Google opted to publicly share it, and Epic had to quickly attempt to fix it. This caused strain between Epic and Google, with those at Epic feeling that Google should have brought the security issue to them in private and not publicly broadcast it.
Either way, this second security breach was definitely a lot more serious than the one for Android devices, especially given that hackers could have gained access to credit card information and made purchases through the accounts after using the website. What’s weird is that, in a way, this does kind of lend credence to Sony’s apprehension for cross-platform play after citing security concerns from other platforms as the reason for not allowing the feature on the PS4. However, it turned out that the compromised platform was on PC, which is the one platform that the PS4 did have cross-platform support for.
Thankfully, the issue has been fixed and gamers don’t have to worry about a 15-year-old website being the catalyst for compromising their account.