More than two billion breached Fortnite accounts have gone up for sale in underground forums so far in 2020 alone.
Hackers score over a thousand dollars annually, selling compromised accounts for the popular Fortnite video game in underground forums.
With Fortnite’s immense popularity skyrocketing over the last couple of years (it now has over 350 million worldwide players), the game is a lucrative target for cyber-criminals. So lucrative, in fact, that two billion breached accounts have gone up for sale in underground forums so far in 2020 alone, according to a new report.
After tallying the auction sales of many high-end and low-end Fortnite account sellers over three months, researchers found that on the high end, sellers averaged $25,000 a week in account sales, approximately $1.2 million each year.
“The market for stolen account sales is a lot bigger than just the gaming industry… However, from our study, the black market for the buying and selling of stolen Fortnite accounts is one of the most expansive, and the most rewarding,” said researchers with Night Lion Security in a report last week.
Researchers said the value of a hacked Fortnite account centers on a character’s in-game “skin” (basically a digital costume). Players of the game can buy these in-game accessories using Fortnite’s in-game currency, known as V-Bucks. A few skins are rare and worth plenty of money; for example, the “Recon Expert” skin is among the most valuable, averaging about $2,500 per account.
These Fortnite accounts are initially compromised via simple brute force and password cracking: username-and-password combinations can be extracted from data breaches of other businesses and tested against Fortnite accounts, as many people reuse passwords.
Cyber-criminals have tools that make these kinds of techniques even simpler. One well-known password cracker in underground hacking circles (called “DonJuji”) says high-end Fortnite cracking tools can average between 15 and 25 million checks per minute (approximately 500 account checks per second), according to the report.
Epic Games does restrict the number of logins allowed per IP address to limit password cracking attempts. However, cybercriminals bypass this by using automatic proxy rotation, which uses a new IP address for every request. One popular Fortnite account checker named Axenta (costing $15 a month), for example, provides automatic proxy rotation, in addition to many other built-in tools enabling password checking and automated password changing.
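A per-IP limit never fires when each request arrives from a different address, so detection has to aggregate across addresses instead. The sketch below is an added example, not code from the Night Lion report or Epic Games; the event format, thresholds, function names and sample data are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample login events: (epoch_second, source_ip, username, success).
# 40 failed logins in one minute, each from a different address and for a
# different username (the proxy-rotation pattern), plus one ordinary user who
# mistypes a password twice and then logs in.
EVENTS = [(1200 + i, f"198.51.100.{i + 1}", f"user{i:03d}", False) for i in range(40)]
EVENTS += [(1205, "203.0.113.7", "alice", False),
           (1210, "203.0.113.7", "alice", False),
           (1215, "203.0.113.7", "alice", True)]

def per_ip_blocked(events, limit=5):
    """Return the IPs that a plain per-IP attempt limit would block."""
    attempts = Counter(ip for _, ip, _, _ in events)
    return {ip for ip, n in attempts.items() if n > limit}

def rotation_windows(events, window=60, min_failures=20,
                     max_avg_per_ip=1.5, min_user_ratio=0.8):
    """Flag time windows whose failed logins are spread thinly over many
    IPs and many usernames. Thresholds are illustrative assumptions."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            buckets[ts - ts % window].append((ip, user))
    flagged = []
    for start, fails in sorted(buckets.items()):
        ips = {ip for ip, _ in fails}
        users = {user for _, user in fails}
        if (len(fails) >= min_failures
                and len(fails) / len(ips) <= max_avg_per_ip
                and len(users) / len(fails) >= min_user_ratio):
            flagged.append({"window_start": start,
                            "failures": len(fails),
                            "distinct_ips": len(ips),
                            "distinct_users": len(users)})
    return flagged

if __name__ == "__main__":
    print("blocked by per-IP limit:", per_ip_blocked(EVENTS))
    print("windows flagged across IPs:", rotation_windows(EVENTS))
```

On the sample data the per-IP limit blocks nothing, while the cross-IP aggregate flags the one-minute window.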
Cybercriminals then create “logs” of the compromised accounts and sell them. These collections, which include a few million stolen accounts, are sold in private Telegram channels for anywhere between $10,000 and $50,000. From there, accounts are extracted from the log and posted for sale individually.
Night Lion Security paints a picture of a sophisticated underground marketplace, with “vendors” initially selling those logs to “resellers,” who then sell them to “consumers.” Many account resellers host their own account stores on websites (such as shoppy.gg or atshop.io), which feature a mixture of accounts that may be bought, such as Netflix, Disney+, HBO Max, and more.
These marketplaces are highly organized, even including customer support and return policies. One website is moderated by a system known as “Community Checkup.” Community Checkup, which is composed of five “judges,” keeps track of scammers, sellers, and buyers who are breaking community bylaws.
According to the report, video games are generally very profitable for cyber-criminals, with Roblox, Runescape, and Minecraft proving to be popular on underground forums.
“We can then confidently forecast that an additional 30 percent in earnings, or $300 million annually, can be generated by tallying the black-market earnings for every other video game in existence, conservatively making the whole hacked video game market a billion-dollar-per-year industry,” said researchers.
Fortnite has faced various security issues. In 2018, many malicious Android apps purporting to be Fortnite were discovered accessing cameras, wiping and harvesting device data, and recording sound on victims’ phones. In 2019, Epic Games patched a bug that could have allowed hackers to break into countless Fortnite accounts and steal virtual money or resell digital goods. That year, ransomware called “Syrk” targeted gaming juggernaut Fortnite’s enormous user base, purporting to be a game hack tool.