Browsing infamous third-party online video game stores

I take a peek at the infamous third party online video game stores for codes, accounts, and skins. Are they tied to video game scams and fraud?

Michał Barbaś

Intelligence Specialist
Vector

9 September 2020

Group

7 min read

An interesting quote from a recent Vice article “The Pursuit of Cheap Video Games Has Been Getting Switch Owners Banned” paved the way for me to explore the topic of third-party online video game stores:
Most games cost $60 these days, and if you want to play a lot of them, that can add up quickly. It's one reason why many players turn to third-party online stores, where they can buy Nintendo games for cheap instead of buying them from Nintendo directly.

Third-party online video game stores - a big surprise!

I was curious why players would turn to third-party online stores for game codes, in-game currency, skins, accounts, etc. Of course, the re-sellers offer discounts, but aren’t the sites sketchy and tied to scams? Maybe some of the buyers are not attempting to steal a game, they simply think they are buying an extra game code from a third-party market. Video game companies certainly warn against using them and have locked accounts and banned certain transactions tied to them. I was told by a hardcore gamer friend that real gamers don’t use third-party sites. But who am I to judge who is a real gamer and who is just a passionate player with limited financial resources?

Well, I decided to check it out for myself. I asked a colleague at Nethone who specializes in studying the darknet markets for some examples of these third-party sites. He sent me a long list. And I didn’t even have to download TOR to access the darknet markets. They’re available for easy access on the regular web, aka the Clearnet.

Here’s what I discovered after a bit of exploration. Some of the results were surprising.

One of the first that I checked out was https://juicy.atshop.io/gaming-accounts. At first glance, it kind of looks like a regular e-commerce or digital goods site.

Maybe I was expecting something nefarious with lots of darknet-style jargon, but instead, I found a slightly shabby but professional enough-looking site with a wide selection of game accounts to choose from. It even looks somewhat user-friendly and customer-focused. The prices are very low (much lower than I expected), and there’s a vendor rating system, and an indicator of how much merchandise is in stock.

I decided to attempt to purchase a couple of FIFA 20 accounts. What happens when you click on “Purchase”?

third-party-purchase-fifa-20

A quantity of two, at .75 cents each, equals $1.50. Obviously, it’s cheap compared to $60 or 50 Euro. So far so good. Let’s check out.

third-party-purchase-email-box

OK, so now the third-party site and seller have my email address. Yay. Or yikes (?). It’s a pretty simple transaction flow. But like all digital goods, it usually is a pretty straightforward, quick process to buy and receive the product.

I was surprised to see that some of the third-party sites state that they are concerned with fraud and scams. https://spilz.atshop.io/ indicates that it has identity verification protection measures. Have a look at the left side of the screenshot:

third-party-accepted-payment

They request that you provide your real phone number “to verify you are whom you claim to be.”

Vendors even ask for positive feedback on social media to boost their seller profiles. This one offers skins and accounts for Fortnite in return for positive reviews:

third-party-social-media

atshop vendors are easily found with a Twitter hashtag or on Discord:

third-party-atshop

In addition to atshop, another popular third-party online marketplace is Shoppy. The Shoppy app is available for easy download on the Apple Store and Google Play:

third-party-shoppy-app-page

Shoppy appears to be less visually appealing than the typical atshop stores, but I suppose the offering speaks for itself (below): a random Steam account, 12+ games, with a good nickname no less, for 1.50€:

third-party-shoppy-example

Maybe this is a legitimate transaction. Maybe someone is just selling an account that was made available by some player who grew weary of the 12+ games and decided to move on from Steam to EA Origin, Ubisoft, Nintendo, or some other game ecosystem. Maybe the user quit gaming altogether! There are many possible scenarios.

As an Intelligence Specialist at Nethone, here is my sobering perspective: When you check similar sites by audience overlap for Shoppy in Alexa, in the first position is cracked.to (hacking forum with a huge accounts market); in the second position is nulled.to (another hacking forum with a huge accounts market); in the third, we see sellix (a Shoppy clone) and in fourth place, we have throwbin.io (a pastebin often used to share free login and password combo lists).

third-party-online-video-games-store-shoppy

So Shoppy is strongly correlated with sites that sell stolen account information.

Closing thoughts on third party online video game stores

My impressions? The third party online video game stores look less nefarious than expected, mundane even, offer a huge selection at insanely cheap prices, and are easy to use. I can see why they’re popular.

Aaannd they’re tied to video game scams.

Since they’re more accessible than ever, have been around for a while and probably aren’t going anywhere anytime soon, perhaps all parties involved, including the video game companies, retailers, distributors and all of the Shoppys, sellixes, and the atshops of the world should invest in fraud prevention solutions. It won’t stem the tide of sales of stolen accounts, but it would address the issue of transaction attempts with stolen credit card information and automated money laundering. Machine Learning could also be used to help secure in-game transactions, which are a source of chargeback fraud, friendly fraud, stolen accounts and game codes.

Ready to detect fraud just like Azul?

Ready to detect fraud just like Azul?

Start measuring fraud attacks today and find out if there are bots attacking your site. Arrange a call to discuss a tailored solution or explore our platform for free.

Book a call