The popular mobile game Fortnite, currently in a legal battle between its developer Epic Games and Apple, is a gold mine for hackers as cyber criminals are selling stolen accounts and in-game ‘skins’ for roughly $1.2 million (about Rs 8.7 crore) per year.
The hackers first collect few thousand stolen Fortnite accounts together and auction in private Telegram channels selling from anywhere between $10,000 and $40,000 per log.
“The black market for the buying and selling of stolen Fortnite accounts is among the most expansive, and also the most lucrative,” according to a new report from Night Lion Security, a cyber security consulting and investigation firm.
The lower-end sellers of hacked Fortnite accounts earn an average of $5,000 per month, or $60,000 per year, yielding an overall average of $40,000 per month, or $480,000 per seller/per year in stolen account sales.
Launched in 2017, Fortnite features a battle royale format where 100 players compete to survive as the last player standing on a remote island.
The popular game has amassed a huge following of over 350 million players, and is available on multiple platforms.
Checking for valid Fortnite accounts can be as easy as loading a list of email/password combinations into the right software.
DonJuji, a well-known and respected cracker in underground hacking circles, said that high-end Fortnite cracking tools can average between 15 and 25 thousand checks per minute, or roughly 500 account checks per second.
Epic Games makes efforts to stop these mass account checks by limiting the number of logins per IP address.
“Hackers circumvent this restriction by using expensive proxy rotation services like Luminati or OxyLabs, which provide a new IP address with each request,” the report said.
The value of a hacked Fortnite account comes from the character’s in-game �skin’.
“This single digital costume is what makes these accounts so valuable, and is at the core of the entire underground Fortnite market”.
According to several successful crackers, checking for �skins’ on Epic Games logins will yield an average success rate of 10-15 per cent.
Assuming a batch of 20,000 checked accounts, a seller will end up with approximately 2,000 ‘skins’. These ‘skins’ are then packaged and sold as a single “Log”.
According to the report that also involved help from threat intelligence platform Data Viper, hacking groups like Gnostic Players and Shiny Hunters account for a vast majority of breaches involving stolen user data, and are indirectly responsible for fueling an entire criminal economy of stolen accounts.
Roblox, Runescape and Minecraft are three games that appear even more profitable.
“Adding a variation of +33 per cent, or 186 million per game, brings the total gross profits to $700 million per year for just four video games,: the findings showed.
An additional 30 per cent revenue or $300 million per year can be generated by tallying the black-market sales for every other video game in existence, “conservatively making the entire hacked video game market a billion dollar a year industry”.
The ongoing Covid-19 pandemic appears to be accelerating the demand for gaming accounts as people continue to be out of work, giving them plenty of time to play video games.
To date, video game companies have not been successful in slowing down this underground economy, with the higher-end hackers and sellers of these accounts continuing to make anywhere between six and seven figures per year in revenue, the report said.