Ads for the Sale of Fake and Stolen Twitter Accounts Flood the Dark Web

Last year, fake and stolen X (Twitter) Gold accounts flooded online and dark web marketplaces and forums, according to a CloudSEK report. Cybercriminals have been using multiple techniques to counterfeit and steal X Gold accounts since the company introduced a new verified account program in December 2022.

Twitter Gold, now X Gold, denotes a verified organization’s account on the platform. This label was introduced alongside Twitter Blue, now X Blue, a tick that any user can purchase if they want a premium account, and Twitter Grey, now X Grey, for public and non-governmental organizations.

CloudSEK researchers noticed the first ad for a Gold account on dark web markets in March 2023. Since then, they have observed a wave of ads for X Gold accounts on the dark web, in addition to ads for fake or stolen Facebook, Instagram, Yahoo and TikTok accounts.

Cybercriminals selling these accounts use several methods to obtain them. The first is manually creating fake accounts, which the advertisers get verified and then offer to customers as “ready to use”. This is ideal for criminals who need a fake identity, according to CloudSEK. The second method is hacking existing accounts: cybercriminals take over a user’s existing account using a generic combined list of usernames and passwords. Tools used for this include OpenBullet, SilverBullet and Sentry MBA, among others. The third method involves using malware to collect credentials and steal accounts.

Prices for fake or stolen accounts range from about $0.30 for a new X account without a tick to about $500 for a Gold account. All purchases are made through intermediaries, guaranteeing the authenticity of sellers’ orders and buyers’ funds. Such ads also provide multiple opportunities for cybercriminals to become guarantors because large sums are at stake. In addition, such accounts can be resold, which opens up a whole market of resellers of compromised accounts, CloudSEK researchers say. Hacked social media accounts can be used for phishing campaigns. They can also be used to damage the account owner’s reputation.
