In 2020 so far, around two billion breached records have gone up for sale on various dark web markets, says a report published on Data Viper.
Cyber-criminals are selling stolen gaming accounts to reap millions of dollars in profits, according to a recent report published by Vinny Troia, CEO at […]
The report published on Data Viper details how hackers are leveraging data breaches to steal and sell gaming accounts and reap millions in profits each year.
How it’s done
“In 2020 so far, we have an estimated additional two billion breached records that have gone up for sale on various dark web markets,” the report states.
“These hacked databases are then sliced up and resold, only to provide ammunition for credential stuffing attacks designed to identify valid accounts across different consumer products. These stolen accounts are then packaged and resold across a number of sub-ecosystems, the most profitable being the market for hacked gaming accounts,” Troia writes in the report.
As part of the research, Troia and his team examined the black market for buying and selling stolen Fortnite accounts, which is among the most “expansive.”
A few thousand accounts stolen in bulk on private Telegram channels can sell for anywhere between $10,000 and $40,000, as per the report.
“On the high end, sellers averaged $25,000 per week, or a roughly $1.2 million per year. The lower-end sellers yielded an average of $5,000 per month, or $60,000 per year, yielding an overall average of $40,000 per month, or $480,000 per seller/per year in stolen account sales,” the report said.
Fortnite maker Epic Games does attempt to prevent credential stuffing by limiting mass account checks, a tactic used by hackers to steal accounts. Epic limits such checks by curtailing the number of logins per IP address. However, as per the report, hackers have found a way to dodge these checks using more expensive proxy services.
Similar tactics are used to steal and sell other popular account types including banking and cryptocurrency logins (for financial crimes) and media/streaming accounts such as Spotify, Netflix and Disney+.
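A per-IP login limit like the one described above counts each address on its own, so a run spread over many addresses never reaches it. The Python sketch below is an added example, not code from the report or from Epic Games: over constructed log events and with assumed thresholds, it shows the per-IP counter flagging only one noisy client, while a per-window count of distinct failing accounts and source addresses flags the distributed run.

```python
from collections import defaultdict

# All thresholds are assumptions for illustration, not values from the report.
WINDOW = 60          # seconds per counting window
PER_IP_LIMIT = 5     # login attempts allowed per IP per window
MIN_ACCOUNTS = 20    # distinct failing accounts that make a window suspicious
MIN_IPS = 20         # distinct source IPs behind those failures

def build_sample_events():
    """Constructed sample log: (epoch_seconds, ip, username, success)."""
    events = []
    for i in range(10):   # ordinary players, one login each, two windows
        events.append((i * 12, f"198.51.100.{i}", f"player{i}", True))
    events.append((70, "198.51.100.2", "player2", False))   # a typo
    for i in range(8):    # one client hammering one account from one IP
        events.append((i, "203.0.113.9", "player3", False))
    for i in range(40):   # 40 accounts tried once each from 40 addresses
        events.append((i, f"192.0.2.{i}", f"victim{i}", i % 20 == 0))
    return events

def attempts_per_ip(events):
    counts = defaultdict(int)
    for ts, ip, _user, _ok in events:
        counts[(ts // WINDOW, ip)] += 1
    return counts

def per_ip_violations(events):
    """IPs that exceed PER_IP_LIMIT in any window (the classic control)."""
    counts = attempts_per_ip(events)
    return sorted({ip for (_w, ip), n in counts.items() if n > PER_IP_LIMIT})

def distributed_failures(events):
    """Windows where many accounts fail from many IPs that each stay under the limit.

    Returns {window_index: (failed_accounts, source_ips)}.
    """
    counts = attempts_per_ip(events)
    failed = defaultdict(lambda: (set(), set()))
    for ts, ip, user, ok in events:
        w = ts // WINDOW
        if not ok and counts[(w, ip)] <= PER_IP_LIMIT:
            users, ips = failed[w]
            users.add(user)
            ips.add(ip)
    return {w: (len(u), len(i)) for w, (u, i) in failed.items()
            if len(u) >= MIN_ACCOUNTS and len(i) >= MIN_IPS}

if __name__ == "__main__":
    ev = build_sample_events()
    print("per-IP limit trips on:", per_ip_violations(ev))
    print("distributed failure windows:", distributed_failures(ev))
```
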