One aspect of one's digital identity that is often overlooked is one's gaming identity, that is, everything that can be traced back to one's online gaming profiles.
It is now not uncommon to have one or more profiles on multiple gaming platforms, such as Battlenet, Steam, Epic, PSN, etc., to which real personal data and various payment methods such as credit cards, PayPal accounts, etc. are linked.
Introduction
For an OSInt analyst, these profiles, already the subject of a previous article, They are a very valuable resource for linking emails, passwords, and usernames to a personal digital identity. Despite this, their security is systematically underestimated by many users, who seem unwilling to fully understand their true importance, recycling passwords, not activating two-factor authentication, or other safety equipment made available to them.
These profiles, which at first glance may seem of no interest to organized crime, actually constitute a small treasure whose illegal trade is capable of generating a turnover of one billion dollars a year.
The Fortnite case
Let's take for example one of the most popular games of the moment: Fortnite. A recent report by Bloomberg and Night Lion Security has demonstrated how criminal organizations exploit automatic tools capable of verifying up to 500 Fortnite profiles per second, searching for those in which credentials, usually email/username and password, are reused in one of the many data breaches present online. What makes these profiles attractive is usually the presence of character skins or special weapons, graphic modifications that allow you to change the appearance of your character and can only be earned after completing specific game activities, long online sessions or being active during particular events.
The average value of a Fortnite profile on dark markets is around €170-€220. If the skins are particularly rare and no longer available, the value of these profiles can reach thousands of euros.
Is this news?
It is not a recent criminal phenomenon, given that in the past players of many virtual worlds, such as World of Warcraft or Counterstrike, whose rarest weapons or skins they can reach the value of tens of thousands of euros, have often been subject of phishing and profile theft activities. Rather, we are seeing an acceleration, driven by the growing demand for these products resulting from the impact of COVID-19 on the lives of many who, having more time to dedicate to online gaming, have decided to find shortcuts to immediately have characters equipped with powers or weapons that can only be obtained after dozens of hours of gameplay.
Is there anything I can do to protect myself?
As already mentioned, there is the possibility for legitimate owners to mitigate this problem by using some simple precautions such as:
- Use of unique credentials, usernames and passwords
- Adoption of two-factor authentication where available
- Do not store your credit card, PayPal, etc. payment information.
- Unlink these profiles from your real digital identity.
Leave a Reply