An “underground” economy potentially worth a billion dollars a year, all from the apparently hacked accounts of popular video games like "Fortnite."
Night Lion Security, which specializes in digital forensics, has discovered a series of online marketplaces where stolen gaming accounts from just four popular titles, including Fortnite, allegedly generate about $700 million every year.
In the newly released report, shared with Fox ahead of its publication, Night Lion CEO Vinny Troia suggests the numbers of compromised accounts, and subsequent illicit profits, are only likely to keep growing as quarantines continue.
Troia, author of "Hunting Cyber Criminals," tells Fox that “video game accounts just happen to be one of the more valuable right now because more people are home from work and Fortnite is just the game many people are playing.”
He adds that while the market for stolen online accounts goes well beyond the world of gaming, "from our research, the black market for the buying and selling of stolen Fortnite accounts is among the most expansive, and also the most lucrative."
Troia says the project began with the monitoring of several "black-market auctions" where breached Fortnite credentials were being packaged and sold in groups.
Coveted upgrades for Fortnite players, known as “skins,” seem to be the heart and soul of the marketplace, but more nefarious purchases can apparently be made.
“Full access” accounts are available for a price, and allegedly grant the buyer access to the e-mail address associated with their newly purchased and previously stolen online goods. A variety of publicly available YouTube videos viewed by Fox, showing what appear to be successful purchases of full-access accounts, seem to confirm the practice.
Troia’s analysis of both high-end and lower-end sellers showed those on the high end averaging $25,000 a week, or a roughly $1.2 million a year, according to his report. For people trading stolen credentials on the "lower-end," profits were still in the ballpark of 5,000 a month, or $60,000 a year, yielding an overall average of $40,000 a month, or $480,000 for each seller per year in stolen account sales.
Not only are most consumers unaware when their accounts have been compromised, "hacked organizations rarely know where their data ends up," Troia points out. Even so, he argues that "to date, video game companies have not been successfully [sic] in slowing down this underground economy," especially with higher-end sellers of these accounts making between six and seven-figures in revenue annually.
Included in Night Lion’s report is a text message exchange with what appears to be a seller of hacked Fortnite accounts. “Fortnite during covid. Demand. 1m/week,” reads one message. “The demand was madness. The supply couldn’t match it,” they added.
Troia’s findings have already been shared with the FBI, according to PR spokesperson Monika Hathaway. And video game accounts aren’t the only hot items that seem to be fostering illicit multi-million dollar online economies.
“There are different markets and platforms for entertainment accounts,” Troia tells Fox. “HBO+ is really hot right now… but even more valuable are banking accounts,” which he says are traded on a variety of more-exclusive forums.
For video gamers, the problem isn't unique to Fortnite, either. Other popular titles like Roblox, Runescape, and Minecraft "appear even more profitable," Troia writes.
When combined with Fortnite's underground economy, the reselling of stolen accounts from just those four games is estimated to generate some $700 million per year, he says. And even that may be just scratching the surface.
"We can then confidently predict that an additional 30% revenue, or $300m/yr, can be generated by tallying the black-market sales for every other video game in existence, conservatively making the entire hacked video game market a billion dollar a year industry," Troia concludes.
"Fortnite" developer Epic Games did not immediately respond to a request for comment on this story.