The sale of stolen login credentials for the popular battle royale game Fortnite nets the most prolific hackers more than €1 million a year, according to a new research report. Published by Night Lion Security, the report examines the lucrative black market for stolen video game accounts, which has grown into a billion-dollar industry in recent years. Fortnite is at the heart of this underground economy and accounts for hundreds of millions of dollars in illegal sales. The demand for stolen Fortnite accounts is mainly due to the popularity of character skins, which alter the player's appearance in-game, but have no impact on gameplay. The more rare skins an account has, the more will be sold on the black market. On average, Fortnite account sellers would earn €40,000 per month (or €480,000 per year), and the top earners would make a whopping €1.2 million per year, more than the vast majority of doctors, lawyers, bankers and executive directors. . In one recorded case, a batch of accounts with attached rare skins sold for up to €38,000 through a private auction held on the Telegram messaging platform. Accounts with the coveted “Recon Expert” skin, meanwhile, would earn around €2,500 each.
Fortnite hackers
To access Fortnite accounts, hackers use login information obtained from previous data breaches, which is then tested against a database of Fortnite players. This type of attack is called "credential lockout" and is based on the fact that many people reuse passwords across multiple online accounts. For example, with an email and password combination, a hacker could gain access to an individual's Facebook, Gmail, Netflix, and Amazon accounts, and possibly their Fortnite account as well. "Hacking groups like Gnostic Players and Shiny Hunters are responsible for the vast majority of breaches involving stolen user data and are indirectly responsible for fueling an entire criminal economy with stolen accounts," said Vinny Troia, founder of Night Lion. Security. "These stolen accounts are then packaged and resold in a number of sub-ecosystems, the most profitable being the hacked game account marketplace." Specialized tools are then used to determine if the stolen credentials can be used to access active Fortnite accounts. According to DonJuju, described as a "respected cracker in underground hacking circles", the best cracking tools can perform between 15.000 and 20.000 connection checks per minute (or 500 per second). While Fortnite developer Epic Games has implemented measures to prevent users from making many login attempts in a short period of time, hackers bypass this filter using proxy rotation services that provide a new address request with each connection. IP, thus hiding suspicious activity. Accounts that have been successfully compromised are transferred through software designed to verify which skins are present on the account. Once their value is assessed, the accounts are bundled together to be sold as a single package to a reseller, which serves as a storefront for individual buyers. The Fortnite account sales market, including purchases made by resellers and individual buyers, is worth $142 million a year, and potentially more. The entire market, including illegal sales tied to popular games like Minecraft and Runescape, is worth over a billion dollars. To protect against account compromise, users are encouraged to use different passwords for all online accounts and protect each with multi-factor authentication if possible. Epic Games has not yet responded to our request for comment on the measures in place to protect players from hackers.