New security research has found that cybercriminals are abusing verification marks on X (formerly Twitter) by compromising verified accounts, typically by cracking their passwords, and then selling them on dark web forums or using them for their own scams.
Whoever buys one of these accounts inherits a ready-made audience: thousands of followers who assume they are still receiving posts from the original owner.
The new owner can then post phishing links or financial scams that steal cryptocurrency, personal information, and other valuable data.
Fool’s gold
The investigation, conducted by CloudSEK, examined how verified X accounts are bought and sold on dark web forums and the financial damage caused by scams run from stolen accounts.
The research found that a newly created X account sells for around $0.30, whereas accounts older than five years with a Gold verification mark fetch between $1,200 and $2,000. Prices also scale with follower count: one account with 28,000 followers was advertised for between $2,000 and $2,500.
Many of these accounts are compromised by brute-forcing their passwords. Because a large share of them had been inactive for several years, it is unlikely that two-factor authentication or any other login protection had ever been enabled, so a weak or reused password is the only thing standing between the attacker and the account.
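The pattern described above, a burst of failed logins followed by a success on an account that has not been used for years, is easy to spot from authentication logs if the platform keeps them. The following is an added example written for this page, not code from CloudSEK or X: it assumes a simple line-based log format (`<ISO timestamp> <account> <source ip> <LOGIN_OK|LOGIN_FAIL>`), a dictionary of each account's last known successful login taken from the account store, and thresholds (10 failures within an hour, dormant for at least a year) that are assumptions a real deployment would tune. The sample log and last-login table are constructed.

```python
"""Flag likely brute-force takeovers of dormant accounts from auth logs.

Added example, not CloudSEK's or X's code. The log format, the field
names and the thresholds are assumptions; the sample data is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class AuthEvent:
    ts: datetime
    account: str
    src_ip: str
    success: bool


def parse_line(line: str) -> AuthEvent:
    """Parse one line in the assumed format:
    '<ISO-8601 timestamp> <account> <source ip> <LOGIN_OK|LOGIN_FAIL>'."""
    ts, account, src_ip, result = line.split()
    return AuthEvent(datetime.fromisoformat(ts), account, src_ip, result == "LOGIN_OK")


def find_dormant_takeovers(lines, last_login, fail_threshold=10,
                           window=timedelta(hours=1),
                           dormant_after=timedelta(days=365)):
    """Return one hit per successful login that (a) follows at least
    fail_threshold failures within `window` and (b) lands on an account whose
    previous successful login (from `last_login`, an account -> datetime dict
    taken from the account store, or from earlier in the same log) is at least
    `dormant_after` in the past. Bursts that never succeed are not reported."""
    events = sorted((parse_line(line) for line in lines), key=lambda e: e.ts)
    per_account = defaultdict(list)
    for e in events:
        per_account[e.account].append(e)

    hits = []
    for account, evs in per_account.items():
        prev_ok = last_login.get(account)
        recent_fails = []
        for e in evs:
            if not e.success:
                recent_fails.append(e)
                continue
            # Keep only failures inside the look-back window before this success.
            recent_fails = [f for f in recent_fails if e.ts - f.ts <= window]
            dormant_days = (e.ts - prev_ok).days if prev_ok else None
            if (len(recent_fails) >= fail_threshold
                    and dormant_days is not None
                    and dormant_days >= dormant_after.days):
                hits.append({
                    "account": account,
                    "login_at": e.ts,
                    "failures_in_window": len(recent_fails),
                    "distinct_ips": len({f.src_ip for f in recent_fails}),
                    "dormant_days": dormant_days,
                })
            prev_ok = e.ts
            recent_fails = []
    return hits


# Constructed sample data: an abandoned brand account last seen in 2018 and an
# active user who mistyped a password twice before logging in normally.
SAMPLE_LAST_LOGIN = {
    "oldbrand": datetime(2018, 3, 1, 9, 0),
    "active_user": datetime(2024, 1, 4, 18, 30),
}


def _constructed_log():
    lines = []
    guessing_ips = ["203.0.113.5"] * 5 + ["198.51.100.7"] * 4 + ["192.0.2.9"] * 3
    for minute, ip in enumerate(guessing_ips):  # 12 failures, three sources
        lines.append(f"2024-01-05T12:{minute:02d}:00 oldbrand {ip} LOGIN_FAIL")
    lines.append("2024-01-05T12:12:30 oldbrand 192.0.2.9 LOGIN_OK")
    lines.append("2024-01-05T12:00:10 active_user 203.0.113.77 LOGIN_FAIL")
    lines.append("2024-01-05T12:00:40 active_user 203.0.113.77 LOGIN_FAIL")
    lines.append("2024-01-05T12:01:05 active_user 203.0.113.77 LOGIN_OK")
    return lines


SAMPLE_LOG = _constructed_log()


def detect_sample():
    """Run the detector over the constructed sample."""
    return find_dormant_takeovers(SAMPLE_LOG, SAMPLE_LAST_LOGIN)


if __name__ == "__main__":
    for hit in detect_sample():
        print(hit)
```

Only `oldbrand` is reported: twelve failures from three addresses inside the window, then a success on an account dormant for almost six years. The active user's two typos fall below the threshold and the account is not dormant, so nothing fires. In practice the same signal is worth raising even before the success arrives, and the response for a flagged dormant account is to force a password reset and require 2FA enrolment, not just to log it.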
We all remember the chaos caused by the launch of the original Twitter Blue subscription, which let anyone pay for the small blue check mark next to their name that had until then signalled a verified or trusted account. This led to impersonations of celebrities, including Elon Musk, and of corporate entities.
To illustrate the danger of stolen accounts, CloudSEK pointed to the hijacking of the X account of Ethereum co-founder Vitalik Buterin. Before he could regain control, the attackers posted a link to a fake website offering free non-fungible tokens (NFTs) and stole $691,000 worth of cryptocurrency before the post was taken down just 20 minutes later.
CloudSEK recommends that if you have an old X account you no longer use, you deactivate and delete it rather than leave it dormant, especially if it is a corporate account with a large following, as those are the most attractive targets. For the accounts you keep, use a unique, strong password and enable two-factor authentication.