Fortnite hackers make $ 1 million a year stealing your skins
Some Fortnite hackers are now making $ 1 million a year
Fortnite made headlines much later, with Epic Games taking legal action against Apple and Google. If you want to play the final season of Fortnite on Apple hardware, you’re out of luck. Android users can join the action if they install Fortnite directly from the Epic Games website, an option not available to iOS users. The news that interests me, however, as a gamer with a professional interest in cybersecurity issues, is how vibrant and profitable Fortnite’s underground economy is.
How profitable, do I hear you ask? What does $ 1 million (£ 750,000) per year in sales of stolen accounts look like? Sure, it’s towards the high end, but criminals make that kind of money, $ 25,000 (£ 19,000) per week, because of the value of stolen character skins.
And because hackers know how to compromise your account.
MORE FROM FORBESHow 25 Dice in a Box Solve the Secure Password Puzzle – Introducing DiceKeysBy Davey Winder
Fortnite's underground cybercrime economy
Vinny Troia, CEO of Night Lion Security, released his report on Fortnite’s cybercrime underground economy today. That doesn’t make a very encouraging read if you’re a Fortnite gamer. If you’re a Fortnite account hacker, on the other hand, it reinforces what you already know – there’s a lot of money to be made for hacking game accounts.
It all starts and ends to be honest with a loss of account security when it comes to logins. Username and password combinations from data breaches, and not just from gaming sites themselves, are traded on the dark web.
A recent Dark Web audit revealed a staggering 15 billion stolen connections from over 100,000 available breaches. Some hackers sell these identification databases and others give them away for free to other cybercriminals.
The point is, if you reuse the same credentials, the same passwords, across multiple accounts, you’re asking for trouble. If one of these sites or services is hacked, all the others are open to attack. You’ve opened yourself up to a credential-jamming attack, to be precise. This is where the breached credentials are used to try to gain access to high value accounts elsewhere, high value like your Fortnite account.
Even if you use simple variations of the same password, such as incremental dialing, you are not safe. The variation testing is done in double time thanks to fully automated processes.
MORE FORBES60 Seconds of Cyber Security: Here’s What Happens in a Single Minute Malicious InternetBy Davey Winder
Fortnite accounts cracking
According to Troia, a Fortnite account hack tool can on average 500 account verifications per second. The most successful hackers are those who understand the psychology of creating passwords among the general population, including Fortnite gamers. Troia quotes a prolific password cracker saying that a lot of people use “small, predictable changes” such as capitalization differences, for example. Then there is the use of email addresses and usernames as password seeds, etc.
It’s not easy for the Fortnite hacker. Epic Games limits, for example, the number of connections allowed per IP address to prevent such automated mass account detection. But, says Troia, hackers bypass these barriers by paying for proxy rotation services, which can issue a new IP address for each account verification request.
These don’t come cheap, a Fortnite hacker said he pays more than $ 10,000 (£ 7,500) per month for such services. These services do not use IP addresses which are typically associated with such proxies or VPNs, but instead use residential IP addresses to be more likely to go through any filtering put in place by Epic Games.
But it doesn’t end there. Another tool, a Fortnite account checker capable of automatically changing passwords, checking available skins, etc., is used to do this. The most effective version of this tool is sold for personal reference only, on a license of $ 2,000 (£ 1,500) per month.
I have contacted Epic Games regarding the account protections in place and will update this article once I have a statement to publish.
MORE FORBES Bye passwords, hello to 1000 trillion atom “unbreakable” quantum IDs By Davey Winder
A million dollar a year criminal enterprise
So, with the criminals investing quite a bit of money in the tools they use to open Fortnite accounts, you can be sure a profitable return awaits them. Out of 20,000 accounts available to hackers, maybe 2,000 will ship with associated character skins.
These accounts can be lumped together in a collection known as a newspaper and sell for as low as $ 10,000 (£ 7,500), Troia states that one such newspaper sold for $ 38,000 (£ 28,750) in an auction sale. private auction of the Telegram channel.
Buyers will then loot those accounts and sell them on. Individual Fortnite accounts with a skin can sell for between $ 25 (£ 19) and £ 2,500 (£ 1,900) depending on the rarity of the skin involved.
This higher = final amount was achieved earlier this month for an account with a “Recon Expert” skin, for example. Then there is the value of the account itself. If it is not linked, it is not linked to an existing PlayStation Network account, so the value doubles compared to a linked account.
Suppose the account comes with the “bonus” of accessing the owner’s hacked email account, unsurprisingly known as a full access account, then the value triples. Troia says a single full access expert skin account can sell for $ 10,000 (£ 7,500).
The most successful criminals in Fortnite’s underground cybercrime economy earn, according to the report, an average of $ 25,000 (£ 19,000) per week, or more than $ 1 million (£ 750,000) per year. Even at the more normal, lower end of the criminal market, hackers earn $ 5,000 (£ 3,750) every week.
Mitigation tips are simple, so follow them
My advice, as always, is to make sure that you use strong and unique passwords for each site or service you use. A password management application makes this task easier. Do not reuse passwords. Already.
MORE FORBES Hackers Post ‘Vote Trump’ Messages on Gaming Platform with 90 Million Users By Davey Winder