https://www.theregister.co.uk/2019/01/16/fortnite_security_vuln_token_theft/

Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games URL to phish their marks.

Infosec biz Check Point discovered the XSS vuln, which, when combined with a login redirect attack, had the potential to let a mischief-maker gain access to user accounts without having to trick targets into handing over usernames and passwords.