A study by CloudSEK, a cybersecurity firm, has revealed that there is an increase in sales of compromised X accounts with the Gold verification badge on dark web marketplaces and forums.
The study, titled “Gold Rush on the Dark Web – Twitter Gold,” noted that the ease of obtaining a Gold checkmark on X (formerly Twitter) has attracted malicious actors to purchase and compromise accounts to further their nefarious activities.
It further stated that threat actors can use Twitter Gold verified accounts to spread disinformation, conduct phishing attacks, and steal users’ sensitive data, which puts both individuals and organizations at serious risk.
“A hacked or compromised Twitter account can be exploited to mass spread phishing campaigns. This, in turn, damages the reputation and brand of the company whose account was compromised, clearly displaying a lack of stringent security policies and a weak incident response plan,” part of the report read.
X Gold is a premium feature that was introduced in 2023. It gives accounts a gold badge in addition to the blue and grey tick, which represents authority and brand awareness.
According to the research, these types of accounts are widely accessible for purchase on dark web platforms, with prices ranging from $35 for a basic account to $2,000 for accounts with substantial followings.
To get access to these accounts, threat actors are employing techniques like brute-forcing passwords and credential theft. After being obtained, the accounts are then used for a variety of nefarious activities, such as phishing, scam activities, and impersonating real accounts.
“When an unused and inactive account is replaced with threat actors’ data, the primary user is locked out from recovering the account. Once a complete account takeover occurs, the threat actor subscribes to the Twitter Gold package for 30 days.
“The service package offered by the threat actors ensures that the buyer has no hassles with the account for 30 days, and in the meanwhile, the scam campaign has achieved its goal through that account,” the study highlighted.
The malicious link embedded in the tweet directed users to a fake website designed to drain cryptocurrency from their wallets. Although the fraudulent post was active for about 20 minutes, the hackers managed to siphon off a staggering $691,000 in digital assets before removing it.
The report also offered some recommendations for reducing risk in organizations. It suggests educating and training staff members on workplace cybersecurity procedures, updating password policies, such as by routinely changing account passwords, and making employees aware of the risks associated with using cracked software.
Seasoned fact-checker and researcher Fatimah Quadri has written numerous fact-checks, explainers, and media literacy pieces for The FactCheckHub in an effort to combat information disorder. She can be reached at sunmibola_q on X.