A Thursday BBC report takes a look at the state of Epic Games’ mega-popular game Fortnite through the eyes of a particular audience: its black market of account thieves. After speaking with “about 20” perpetrators, reporter Joe Tidy put together a report that breaks down what’s being stolen and resold, how it’s happening, and what the game’s players can do to shore up their own accounts.
The resulting story shouldn’t surprise anyone in the infosec world, and it doesn’t expose any apparent data leaks on the part of Epic. But it’s a reminder that a few modern trends have come together in convenient fashion, ready for any enterprising script kiddie to tap into, and that users should know how a mountain of years-old data leaks can come back to haunt them.
Off-the-shelf, off your old passwords
The report begins with a teenaged Fortnite fan speaking to the BBC via webcam with his identity hidden. He got into the Fortnite-theft game inadvertently, he claims, by starting as a victim. The bad news began when he received email alerts from Epic Games—one saying his account’s email address had been changed, and another saying that two-factor authentication (2FA) had been turned on (and attached to a phone number that wasn’t his). His original account was totally lost as a result, the teen alleged.