Stolen Fortnite Accounts Sold as Part of $1 Billion Black Market


Tens of thousands of Fortnite accounts are being sold online daily in a black market for stolen video-game accounts that generates $1 billion annually, according to a report from Night Lion Security, which helps companies identify vulnerabilities.

Criminals are using automated tools that can check 500 accounts a second to discover if login credentials stolen in various recent data breaches unlock any Fortnite accounts. Some Fortnite accounts have valuable skins -- changing the appearance of a player’s avatar -- and can sell for thousands of dollars, said Vinny Troia, who runs Night Lion. An average account sells for $200 to $250, he said.

“They can’t keep up with demand for certain accounts,” Troia said. “They resell it to people wanting to play the game with that account. Maybe somebody just doesn’t want to spend 100 hours of effort to get there.”

Fortnite, a cartoonish fight-to-the-death battle royale where players thrash one another in a struggle for weapons and resources, has grown into a worldwide phenomenon since its launch in 2017. It has more than 350 million registered players.

Account takeovers are a common problem among both social-networking and gaming sites. But gaming accounts can be more valuable, due to the virtual items they hold.

While Fortnite’s developer, Epic Games Inc., prohibits sale of accounts, some users do so in violation of policy -- and some then ask the company to recover them.

Epic uses technology such as captcha, IP reputation and machine learning to “identify threats in seconds,” the company said. “Epic Games takes a sophisticated layered approach to protect our players,” it said. The company will “proactively block login attempts and automatically take action to secure any compromised accounts we identify,” according to a statement.

For its report, Night Lion talked with illegal distributors and stores that sell game accounts. Distributors market batches of thousands of accounts on services like Telegram and Discord. Owners of shady websites buy them, allowing consumers to simply find them by Googling “Fortnite accounts for sale.” One seller hawks $20,000 worth of Fortnite accounts a day, Troia said.

Hacked accounts from competing games like Roblox, Microsoft Corp.’s Minecraft and Jagex’s RuneScape are popular as well, Troia said. The four games add up to about $700 million in hacked account sales a year, he estimated, while the rest of video games round off the figure to $1 billion.

“Roblox, RuneScape, and Minecraft are three games that appear even more profitable,” the report said.

All the games have received a major boost thanks to pandemic-related lockdowns in the spring. As more people are spending more times playing, purchases of hacked accounts have ballooned, Troia said.

“Because of Covid, the demand has gone way up, there’s a general supply issue,” Troia said.

Night Lion shared its report, listing some websites peddling game accounts, with the FBI, Troia said.

©2020 Bloomberg L.P.

BQ Install

Bloomberg Quint

Add BloombergQuint App to Home screen.