A weakness in Epic Games’ authentication process for Fortnite left gamers’ accounts exposed to take over risks. An attacker could have stolen login tokens by just tricking the victim into clicking a link. A combination of an unvalidated subdomain and cross-site scripting (XSS) in another allowed security researchers to bypass the protections implemented by the single sign-on (SSO) access control mechanism used for logging into the popular game. Researchers at Check Point were able to request a second time the authentication token from SSO provider and redirect it to a vulnerable page that allowed stealing it.
Source: https://www.bleepingcomputer.com/news/security/bug-in-fortnite-authentication-left-accounts-open-to-take-over/