Epic's Fortnite fail: Ancient UT2004 server used for login-stealing proof-of-concept
https://www.theregister.co.uk/2019/01/16/fortnite_security_vuln_token_theft/
Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games URL to phish their marks.
Infosec biz Check Point discovered the XSS vuln, which, when combined with a login redirect attack, had the potential to let a mischief-maker gain access to user accounts without having to trick targets into handing over usernames and passwords.