Fortnite has become one of the most popular games in the world, and that sort of ubiquity can make any game a target for hackers who want to exploit a system’s weaknesses. Players reporting compromised accounts have become something of a trend on the game’s subreddit, in fact. Fraudulent card charges, sometimes totaling hundreds of dollars, seem to be a relatively common complaint among those who find themselves with hacked accounts.
“Your Epic Games account has been locked due to multiple invalid login attempts,” the launcher will tell players. That means someone else is trying very hard to get in, and now no one has access. It’s a frustrating situation.
It’s unclear if hackers are taking advantage of a unique flaw in Fortnite, or if they’re using standard phishing techniques and exploiting bad password practices on the part of the players. Epic Games seems to think it’s the latter.
“We are aware of instances where users’ accounts have been compromised using well-known hacking techniques and are working to resolve these issues directly with those players affected,” the company told Polygon via email. “Any players who believe their account has been compromised should reach out to our player support immediately.”
Before that happens, however, you can take steps to keep your account safe. And they begin before you even install the game.
There is only one safe place to get Fortnite
Fortnite drives a massive amount of Google traffic at the moment, and you’ll find many places to download the PC game after a quick search. The problem is that a lot of those places aren’t Epic Games.
I’m not about to download any of these files to see what they are, and neither should you. Make sure you’re getting the launcher through Epic Games itself, and not a third-party download service.
Check the account security bulletin
Epic Games has released a bulletin that offers a good crash course in basic account security with a focus on what Fortnite specifically offers to keep players safe. It’s a great place to learn a bit about account security, including some of the most basic techniques we’ll discuss in this post. Read it, learn from it and put at least some of the suggestions into practice. It’s good advice.
Make a unique password for the game
This has less to do with Fortnite and more to do with basic password discipline, but make sure you’re not re-using a password from any other account or service. It’s simple — and common — for people to try using hacked passwords and email accounts from one service to log into another. Using a new, strong password for Fortnite — and every other service you use — is an easy and effective way to protect yourself.
Epic has even stated that they’re spending time trying to match Fortnite passwords with existing hacks to keep players safe.
“At Epic, we’ve been working hard to try to hunt down password dumps in order to proactively reset passwords for player accounts when we believe they are leaked online,” the account security bulletin states. “While this approach involves a lot of manual work on our side, we believe that it prevents a significant amount of fraud.”
The company is in the process of improving and automating these efforts, but I wouldn’t rely on any outside company to do this work for you. Getting into the habit of creating a new password every time you sign up for a game or service will go a long way to protecting your overall security online.
Set up two-factor sign-in
This is a relatively new setting for the game, and it’s one everyone should take advantage of.
“To opt into Two-Factor Sign In, go to your Account Settings and click on the Password & Security tab,” Epic says. “Scroll to the bottom and click the Enable Two-Factor Sign In button. That’s it! Please note that your email must be verified before you can enable this feature.”
Epic will require you to enter a code they email to you once this feature is enabled, but that doesn’t mean you’ll need to check your email every time you want to log in.
“You will be prompted for the two-factor sign in code the first time you login after enabling the feature if you use a new device, clear browser cookies, or it’s been over 30 days since you last signed in,” the official page explains.
Signing up for this extra level of security is easy, and it goes a long way in keeping your account safe.
Pay attention to your Fortnite transactions
Are you seeing charges on your credit card statement that you don’t remember making? Are you getting confirmation emails from Epic about transactions you weren’t aware of? Congratulations, it looks like someone has your account information!
You can limit the amount of damage that hackers can do by creating a support ticket with Epic and contacting your bank as soon as you see a fraudulent charge. Don’t wait until it happens a few times; take action immediately if fishy charges begin to show up.
This is basic advice, but it can save your butt
There are no indications that Fortnite has any specific security flaws that make it easier to hack, and if that’s the case, it means you can significantly decrease your chances of getting hacked with existing, effective security and using password best practices.
But don’t stop with Fortnite, even though the size of its player base makes it a tempting target. Sign up for two-factor authentication in every game you play, if it’s offered. Never reuse passwords. Don’t tell people your passwords. Pay attention to your credit and debit card transactions to catch fraudulent charges as quickly as possible.
Can you do everything right and still get hacked? It’s possible, but you remove the vast majority of the risk by being smart. No systems are 100 percent safe, but you don’t have to do any of the hackers’ work for them by being an easy target.
Update (April 6): We’ve updated this post with additional details. Players are continuing to have problems with Fortnite accounts being locked due to brute-force login attempts, and are often flooded with emails as hackers try to access their accounts. Unfortunately, the best way to “fix” these situations is to try to avoid them in the first place. Keeping your account safe with the techniques above remains important.