By exploiting an unsecured Unreal Tournament stats page from 2004, researchers were able to listen to Fortnite squad members speaking with each other and could have bought V-Bucks virtual currency using players' stored credit card details. The researchers found the problem in November. Epic has since resolved it and taken down the offending page.

The researchers were able to redirect access tokens (a type of authentication which keeps you logged into a service) from Epic's servers to Check Points' own, meaning they could access accounts without requiring passwords. You could have been affected even if you used a Facebook, Google, PlayStation, Nintendo or Xbox account instead of your Epic username and password to log in. Hackers used a similar method to steal 29 million Facebook users' data last year.

It's not the first significant security issue Epic has faced with the game. Soon after Fortnite arrived on Android, it emerged Epic's installer for such devices had a flaw that could have fooled players into installing a malware-packed fake version of the ultra-popular title.