The Fortnite scandal stems from the revelation that attackers are testing previously stolen login credentials against Fortnite accounts at a rate of 500 accounts per second, looking for any they can hack into. On average, these accounts can be sold for $200 – $250 each. The news was broken by Bloomberg.
To gain an insight into the specific and wider implications, Digital Journal caught up with Ben Goodman, a CISSP and SVP of Global Business and Corporate Development at ForgeRock.
Goodman begins by explaining that the attack exposes fundamental flaws with many online platforms: “This hack demonstrates the fundamental weakness of the traditional password and username method of authenticating users.”
A typical user has too many passwords to remember, Goodman explains, so people often re-use them, and this makes things easier for hackers once one password has been obtained.
In turn, Goodman considers the wider ramifications: “Every data breach of a system using passwords and usernames makes downstream breaches more likely, which is what we saw here. Criminals used automated tools that allowed them to see whether login credentials stolen in other data breaches could be used to unlock any Fortnite accounts.”
On preventative actions, Goodman explains: “The only way to stop these types of malicious attacks and to protect consumers is for businesses to stop using usernames and passwords to authenticate their users. Businesses should instead embrace alternative user authentication methods, such as behavioural biometrics and multi-modal authentication systems, which keep users secure without requiring users to memorise hundreds of passwords.”
As an example, the website GamesRadar provides advice on how to enable two-factor authentication on Fortnite accounts.