The Company
Epic Games, Inc. is a leading video game development company based in the United States. Epic Games operates Fortnite, which is arguably one of the world’s largest and most popular video games. Now in its 10th season, Fortnite has over 350 million accounts and 2.5 billion friend connections. Fortnite is more than just a video game; it is a “world of many experiences”. Players can choose from a wide variety of activities, ranging from player vs. player competition to just hanging out with friends and listening to a live Deadmau5 concert.
The Problem
With Fortnite’s immense popularity, the game has become a lucrative target for cybercriminals. The value of a hacked Fortnite account comes from the character’s in-game “skin”. This single digital costume is what makes these accounts so valuable and is at the core of the entire underground Fortnite market.
These Fortnite accounts are initially hacked via simple credential stuffing techniques using username-and-password combinations extracted from data. Those “combos” are then checked against Epic Games’ servers to look for valid Fortnite accounts. This method of finding valid Fortnite accounts is extremely easy, as many people fall into the trap of re-using their passwords.
Shedding Light On Millions of Dollars of Black Market Revenue
Night Lion’s dark web intelligence teams noticed a huge surge in the procurement and sale of these stolen Fortnite accounts, prompting us to begin our research. As we began to unravel the details of this underground cybercrime economy, we reached out to Epic Games’ security and legal teams to discuss our findings and offer our assistance. Unfortunately, Epic was unwilling to even have a conversation with us, claiming they had the situation under control.
As our research continued, it became clear that high-profile Fortnite vendors were clearing tens of thousands of dollars per month in stolen account sales. These vendors would use expensive public proxies to shift their IP addresses with each request, making it difficult for Epic Games to track their movements.
Forcing Security Through Public Awareness
Night Lion’s report on “The Fortnite Underground Cybercrime Economy” raised significant awareness of the ongoing gaming account black market, forcing Epic Games to finally get involved. Following the media coverage generated by our report, Epic implemented a CAPTCHA challenge with each login request, slowing the credential stuffing attacks to a crawl. This meant that hackers could no longer test tens of thousands of password variations in a short amount of time, essentially causing a complete shutdown of stolen Fortnite account sales.
This slowdown lasted for approximately five months before hackers found a way to increase their checking speeds. As we write this now, in [January] 2021, account marketplaces are starting to pick back up, but are still nowhere near the level where they were this time last year.