Fact Checked

Fortnite security flaw exposed millions of players to hackers. Here’s how to better guard yourself online.

Boy playing games on a computerImage: Boy playing games on a computer
Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our third-party advertisers don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when posted.

A security flaw in Fortnite may have allowed hackers to gain access to millions of online players’ data. There are no reports that hackers took advantage of the flaw — but it’s a big reminder to do all you can to reduce your risk online.

On Jan. 16, researchers at Check Point Research said they discovered some weeks ago that the online platform for Epic Games — maker of the popular video game Fortnite — had security vulnerabilities that could have allowed hackers to access millions of players’ accounts.

In addition to viewing account info, hackers could have taken over players’ accounts to make online purchases of Fortnite’s in-game currency, or even listen to and record players’ in-game and background conversations.

It’s unclear how many accounts may have been exposed, though millions of users play Fortnite each week. According to Wired, there were about 200 million registered player accounts at the end of 2018, and sources state the company fixed the flaw after Check Point Research raised it.

Epic Games hasn’t reported that any user accounts have actually been hacked in connection with this Fortnite security gap. But it’s a red-flag reminder to try to stay safer online.

Here are some steps to consider:


  • Keep passwords updated and secure. Even the strongest password probably wouldn’t protect you against the type of security flaw that Check Point discovered in Fortnite (it allowed for a different way of capturing login credentials — by getting users to click on a bogus link). Still, when securing your online data, passwords are a good place to start. Change them on a regular basis, make sure you use a combination of letters, cases, symbols, and numbers so your password is hard to guess, and don’t use the same password in multiple places.
  • Add multifactor authentication. Even if you have a strong password, some websites may not have secure data storage methods, which could leave your information vulnerable. For an added layer of protection, enable two-factor authentication on any site or account that offers it (Epic Games does).
  • Monitor your credit reports, and consider a credit freeze. If you’re worried that your personal info was vulnerable because of the security issue with Fortnite or another incident, you can ask the three major consumer credit bureaus — Equifax, Experian and TransUnion — to freeze or place a fraud alert on your credit reports. If you’re a Credit Karma member, you may want to consider enabling our free credit monitoring service. We’ll notify you if we notice important changes on your TransUnion or Equifax credit reports so you can check for suspicious activity.

About the author: Paris Ward is a content strategist at Credit Karma, providing readers with the latest news that will aid their financial progress. She has more than a decade of experience as a writer and editor and holds a bachelor’s… Read more.