Popular mobile game Fortnite, currently in a legal battle between its developer Epic Games and Apple, is a goldmine for hackers as cybercriminals are selling stolen accounts and in-game skins for around $1.2 million (about Rs 8.7 crore) per year. .
The hackers first collect a few thousand stolen Fortnite accounts and auction them off on private Telegram channels selling between $10,000 and $40,000 per log.
“The black market for buying and selling stolen Fortnite accounts is among the most extensive, and also the most lucrative,” according to a new report from Night Lion Security, a cybersecurity consulting and investigative firm.
Low-end sellers of hacked Fortnite accounts earn an average of $5,000 per month, or $60,000 per year, which gives an overall average of $40,000 per month, or $480,000 per seller/per year in sales of stolen accounts.
Launched in 2017, Fortnite features a battle royale format where 100 players compete to survive as the last player standing on a remote island.
The popular game has amassed a huge following of over 350 million players and is available on multiple platforms.
Verifying valid Fortnite accounts can be as simple as loading a list of email/password combinations into the right software.
DonJuji, a well-known and respected hacker in underground hacking circles, said high-end Fortnite hacking tools can average between 15-25,000 checks per minute, or around 500 account verifications per second.
Epic Games is working to stop these bulk account verifications by limiting the number of logins per IP address.
“Hackers circumvent this restriction by using expensive proxy rotation services like Luminati or OxyLabs, which provide a new IP address with each request,” the report said.
The value of a hacked Fortnite account comes from the in-game character “skin”.
“This unique digital costume is what makes these accounts so valuable and is at the heart of the entire Fortnite Underground Market.”
According to several successful hackers, searching for “skins” on Epic Games logins will yield an average success rate of 10-15%.
Assuming a batch of 20,000 verified accounts, a seller will end up with around 2,000 “skins”. These “skins” are then packaged and sold as a single “Log”.
According to the report which also involved the help of threat intelligence platform Data Viper, hacking groups like Gnostic Players and Shiny Hunters account for the vast majority of breaches involving stolen user data and are indirectly responsible for feed an entire criminal economy of stolen accounts.
Roblox, Runescape and Minecraft are three games that appear to be even more profitable.
“Adding a +33% change, or $186 million per game, brings the total gross profit to $700 million per year for just four video games,” the results showed.
An additional revenue of 30% or $300 million per year can be generated by accounting for black market sales for all other video games in existence, “conservatively making the entire pirated video game market an industry of a billion dollars a year.
The current Covid-19 pandemic appears to be accelerating demand for gaming accounts as people continue to be out of work, giving them plenty of time to play video games.
To date, video game companies have failed to slow this underground economy, with high-end pirates and sellers of these accounts continuing to generate between six and seven figures in revenue per year, according to the report.