Epic Games patched a bug that could have allowed hackers to break into millions of Fortnite accounts and steal virtual currency or resell virtual goods. The vulnerability is tied to the way the single-sign-on (SSO) works between PlayStationNetwork, Xbox Live, Nintendo, Facebook and Google and the Epic Games server. An attacker could create a malicious link using a legitimate Epic Games sub-domain to trigger the attack. The company only acknowledged receipt of the bug notification and patched the vulnerability at the end of December.
Source: https://threatpost.com/fortnite-hacked-via-insecure-single-sign-on/140913/