Connect with us

Epic Games

Fortnite hackers making a fortune from reselling stolen accounts

Published

on

Teenage hackers have been making a fortune from selling stolen accounts for the popular online game Fortnite, it emerged this week.

Players have been reporting stolen accounts for a while, but this week the extent of the “Fortnite cracking” problem was revealed. The BBC interviewed one Slovenian teenager who said he had made £16,000 (around $20,000) in the last seven months.

The attackers access the accounts using a technique called credential stuffing. They search lists of exposed usernames/email addresses and passwords obtained from the hacks of other online services that are posted online. They then try using these credentials to log into Fortnite’s site. When one of these credentials works, it’s because the legitimate Fortnight gamer reused their password from another service.

A successful account thief doesn’t know what they’ll get. It could be a valueless newbie’s account or something with more valuable electronic items.

Created by Epic Games, Fortnite is a gaming phenomenon, with earnings estimated in the hundreds of millions of dollars. It comes in various versions but the most popular is Battle Royale, which pits 100 players against each other in a gradually decreasing circle of play. The last player standing wins.

Its users can earn or buy the game’s internal currency, called V-Bucks. They can then use this currency to purchase in-game accessories like character models, skins for their backpacks and weapons, and emotes (such as dances for their characters to perform).

Some of these items are extremely rare and are worth a lot of money in the real world, so intruders that steal an account with valuable items can sell the account on for a big profit, sometimes making hundreds of pounds.

Users can make it far harder for attackers to steal their accounts by turning on two-factor authentication (2FA), which Fortnite supports using either a mobile authenticator app or via email.

Fortnite offers players incentives to turn on 2FA, like backpack slots and a Troll Stash Llama, along with a free emote. Still, many players still aren’t taking the hint.

When a hacker steals an account, there may be a window for the victim to reset their password, but the hacker might get there first. If the hacker switches on 2FA, they block the user from accessing their account.

However, even users that do turn on 2FA could still be vulnerable if they use the email-based 2FA option. If they’re reusing the same passwords across their Fortnite and email accounts, then the attackers could steal their email accounts too and intercept any communication from the game’s security system.

This isn’t the first time that gaming accounts have been stolen and traded online. In 2017 Riot Games, which makes League of Legends, went to court to stop someone operating a website that it said traded in stolen accounts. In 2014, the Guardian noted that crooks were also stealing accounts for the online gaming service Steam using botnets and then selling them online.

There have also been several incidents of password thefts from gaming forums, including a forum breach at Epic Games in 2016. Forum account thefts could let players into a gamer’s online game account, if they used the same login credentials, although Epic protected its passwords by salting them with extra data, making them far more difficult to crack.

The takeaway here is that if you haven’t turned on 2FA, you should do so now, not just for Fortnite but for any online service that supports it. Use complex passwords and a password manager, and never reuse your passwords. If you have reused passwords, go and change them now.

Continue Reading
Click to comment

Leave a Reply

Battle Royale

Chapter 3 Season 2 Live Event: Everything we know so far

Published

on

By

The first live event of Chapter 3 is expected to take place in less than six weeks. Here’s everything we know so far, based on various leaks.

Leaked Map Stages

All future stages for the territories controlled by both The Seven and Imagined Order have been leaked by data-miner Hypex. The maps show the Resistance will retake control of most of the Island, leaving only Command Cavern and Loot Lake for the IO. The final stage will lead the story directly into a live event, with the Imagined Order having little options left for victory.

Leaked Quest Voice Line

Epic also recently added new voice lines for the upcoming Week 6 Quests which, when reviewed closely, appear to tease the main story of a new live event. The Agent Jones character claims “one of the IO’s Doomsday devices is now in production”, seemingly hinting that the new event could be related to Chapter 2 Season 2’s The Device, which was also focused around a “Doomsday Device”.

A transcript of the Agent Jones voice lines can be found below:

“This will not come as a surprise, but IO management loves Doomsday machines – loves them! There’s even a doomsday division at HQ, oh man their softball team is awful but they will one day destroy us all so… kind of a wash. We have very credible intel that one of the IO’s Doomsday devices is now in production. We need to find out everything we can while we still can. Hit the field, I’ll prep the cameras . . . I have a very bad feeling that we are not ready for what we’re gonna find out.”

Doomsday Landmark

According to Fortnite data-miner GMatrixGames, a new Landmark code-named ‘DDMachine’ has been added to the game’s tags, suggesting that the Doomsday Device described by Agent Jones could be added to the map in the future.

Less than six weeks remain until the potential live event. We’ll keep you updated with the latest leaks and official announcements.

Continue Reading

Battle Royale

Boogie Bomb and Rift-To-Go Unvaulted Until April 25

Published

on

By

In preparation for the upcoming item vote, the Boogie Bomb and Rift-To-Go have both been unvaulted for a trial period until April 25.

Players can now find the items scattered throughout the Island from Chests, Llamas, Supply Drops, Loot Sharks and ground loot. Once the short trial period ends on April 25 at 8AM ET, new gold funding stations will go live in-game on the following day to let players “fund” the item they want to see return permanently (for the rest of Season 2). The item that becomes 100% funded first will automatically be reintroduced to the loot pool as soon as the goal, of which the exact value is unknown, is reached.

We’ll keep you updated on which item gets unvaulted.

Continue Reading

Battle Royale

Leak: S.T.A.R.S. Team and El Chapulín Colorado to Return Very Soon

Published

on

By

Fortnite has re-added multiple Item Shop sections to its API, meaning they will be available very soon. Five existing sections have also been removed, suggesting Epic doesn’t plan to bring those Sets back to the Item Shop for a while.

Re-added Item Shop Sections:

  • S.T.A.R.S. Team
  • El Chapulín Colorado
  • Wu Wear (new)

Removed Item Shop Sections:

  • Silk Sonic
  • Chloe Kim
  • Cobra Kai
  • Jordan
  • Turn The Music Up

The ‘Wu Wear’ section, which was added to the API today, will contain the new Wu-Tang Clan cosmetics; featuring two Outfits, two Bundles and more.

We’ll keep you updated if any additional sections are changed.

Continue Reading

Fortnite Item Shop

Weekly Challenges

Top Posts & Pages

SypherPK Fortnite Settings
NEW PRIVATE FORTNITE CHAPTER 3 SEASON 1 HACK ESP AIMBOT
Fortnite Eon Cosmetic Set + 2000 V-Bucks Xbox One
Fortnite Item Shop – Sunday, April 14th, 2019
Fortnite Double Helix Bundle Switch
Fortnite Item Shop - January 14th, 2022

Advertisement

Trending