Hacked X accounts with gold checkmarks are for sale on the dark web, says study

Gold-verified accounts on X (formerly Twitter) are increasingly showing up in the social media sales sections of dark web forums and marketplaces, according to a study by CloudSek.

The surge has to do with X’s new paid verification model, which has made verified accounts more valuable.

The old “Twitter Blue” program assigned blue ticks to verified accounts, without charging a fee. After Elon Musk bought Twitter in October 2022 and changed its name to X, he introduced a new model. Personal accounts can still get a blue tick if they pay an $8 monthly fee, but there’s no identity verification. Organizations, on the other hand, can pay $200/month to get their accounts verified. Businesses get a gold tick once X approves their account, while government entities get a grey one.

Beyond the dark web, CloudSek saw advertisements selling X gold accounts on Telegram, indicating malicious campaigns are using these accounts on a large scale. Buyers can use these gold accounts to spread disinformation, job scams, and crypto scams, or lead people to phishing websites to harvest their credentials and PII (personally identifiable information). For instance, the research team at CloudSek was able to identify gold-verified corporate X accounts posting links to malicious sites whose domains resembled the company’s real domain name but used a different top-level domain (TLD).

“The advertisements on the dark web can be traced back to multiple online shops and their marketing partners, such as Facebook, Telegram, etc.,” said CloudSek in a report. “Some X account providers have hosted their shops successfully for over four years and used the same medium to advertise Twitter Gold accounts.”

CloudSek was able to locate some of these advertisements by running basic searches on Google, Facebook or Telegram. By simply searching for the keywords “Twitter Gold buy,” it was able to retrieve dark web advertisements marketed through Facebook, it said.
