Notable hackers, such as Gnostic Players and Shiny Hunters, have been responsible for a significantly large number of corporate and government breaches in recent history – with expert observers indicating that the cybercriminals have specialized in stolen user data that goes into fueling a robust international cybercriminal enterprise.
Thanks to the growing economy of stolen user data, a host of cybercriminal groups have been leaking databases of consumer information to be supplied to private buyers who repurpose the information for individual hacking campaigns.
Ideally, the compromised databases are usually disintegrated and resold, a function that enables the launching of credential stuffing attacks created to identify authentic online accounts within various consumer spaces.
The stolen accounts are effectively packaged to be marketed across a wide range of ecosystems like the darknet. Among the most profitable cybercriminal frontiers is the hacked gaming industry where the video game accounts belonging to Fortnite, Roblox, and Minecraft are sold to black market actors across the planet.
Just recently, the cybercrime research organization Data Viper published a report that elucidated the sale of stolen online accounts – with an illustration about how threat actors acquire tens of thousands of Fortnite accounts to be resold for figures reaching $2,500 each.
Quite obviously, the report may come off as shocking to Fortnite players – with the provision for Fortnite account hackers to reinforce what they already know, the world of hacking gaming accounts presents massive economic benefits.
According to the report, the greatest security loophole emanates from players picking usernames and passwords affected by past breaches.
Point to note, even if a specific set of data was hacked years ago, or if the said information was obtained from non-gaming platforms, there exists a long list of programs that may still possess the information in their databases.
The occurrence of such automated systems is what hackers exploit, with such frameworks being capable of effecting a number of variations, including adjustments in character capitalization, numbers, symbols, or arrangement of characters forming the sensitive user credentials.
Further, the report intimated that some threat actors have chosen to license proxy rotators, which are used to circumvent possible detection by Fortnite’s Epic login attempt limitation. Other hackers will use a scanning mechanism to locate skins and similar valuable items to be used in their campaigns.
Then, a breached account is resold via the dark web to interested buyers who would part with between $25 to $2,500 – with prices being determined by a number of factors including the amount and type of Fortnite skins.
It turns out that the value of an account can skyrocket if its sale includes a player’s stolen email account since such a bundle will mean that Fortnite’s creators cannot revoke buyer access to the game.
Importantly, the report said that the amount of money made by threat actors involved in hacking Fortnite players stands at $1 million per year.
A Cyber Safety Tip
Certainly, the Fortnite case study highlights a very important point – the usernames and password combinations needed for site logins are profitable items on the dark web.
As reported by one dark web audit by threat intelligence firm Digital Shadows, about 15 billion stolen logins from an excess of 100,000 hacking campaigns are available for cybercriminal use – with hackers choosing to sell the information to credential stuffing experts or give them away at no cost.
Quite obviously, it is therefore a bad idea for you to reuse the same login credentials, across different online accounts. The fact that one successful hacking attack leads to the compromise of other platforms mean that users are constantly within range of attack by cybercriminals, particularly the credential stuffers.