Cybercriminals Flood Dark Web With X (Twitter) Gold Accounts
Verified accounts for celebs and organizations deliver a deep vein of cybercrime riches for crooks.
January 3, 2024
Cybercriminals are taking over verified "Gold" accounts on X, the social media service formerly known as Twitter — and selling them on the Dark Web for up to $2,000 a pop.
That’s according to research from CloudSEK, which has uncovered a "Gold Rush," as it were, of these accounts showing up in underground marketplaces.
The Gold badge on X means that the service has independently verified the account as legitimately belonging to a high-profile organization or a celebrity. It was introduced a year ago as a paid option after X made the blue checkmark — formerly a designation of legitimacy — a badge that anyone could pay to include on their profiles, no validation needed.
Cybercrime Riches via X Gold Accounts
Cybercriminals are gaining access to existing Gold accounts by brute-forcing passwords and by stealing credentials with malware, according to CloudSEK researchers. More often, though, they take over dormant non-Gold accounts belonging to real organizations, ones that haven't been used in months, and then upgrade them to verified status. In all, hundreds of accounts with reach to tens of thousands of followers are on offer in underground forums.
Nefarious types willing to pay can then use the accounts to host phishing links, launch disinformation campaigns and financial scams, or impact brand reputation by posting damaging content.
"Dark Web marketplaces are flooded with advertisements selling Twitter Gold accounts," according to research the firm released this week. "Prices range from $35 for a basic account to $2,000 for accounts with large followings."
Source: CloudSEK
The researchers illustrated the danger to organizations from the trend with a compelling example from September: Cyberattackers were able to take over an X account belonging to Vitalik Buterin, the co-founder of Ethereum. They then tweeted out an offer for purportedly free nonfungible tokens (NFTs), with a malicious link embedded that redirected users to a fake website designed to drain cryptocurrency from their wallets.
"Despite being active for about 20 minutes, the hackers managed to siphon off a staggering $691,000 [in] digital assets before removing the fraudulent post," according to the analysis.
How to Protect Against X Account Takeover
The value to crooks in infiltrating major accounts has been a known quantity since at least 2020, when hackers were able to compromise the internal networks of what was then Twitter, gaining access to verified accounts and sending out tweets on behalf of several high-profile individuals.
To protect themselves, organizations should "regularly monitor brand mentions on Twitter and implement strong password policies to protect against account compromise," CloudSEK recommended. Effective brand monitoring means identifying fake profiles, unauthorized product listings, misleading advertisements, and malicious content.
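Two of the takeover routes described above, password brute-forcing and the hijacking of dormant organizational accounts, lend themselves to simple detection on the defender's side. The following is an added example, not code from the article or from CloudSEK: it runs two checks over a constructed login audit log (a burst of failed logins against one account, and a successful login on an account that has been idle for months). The log format, the `LAST_SEEN` inventory, the account names and the thresholds are all assumptions made for illustration and are not X's real audit format.

```python
"""Added example (not from the article or CloudSEK): two defender-side
checks that follow from the takeover pattern described in the article.

1. A burst of failed logins against one account suggests password
   brute-forcing.
2. A successful login on an account that has been dormant for months is
   worth an alert, since dormant org accounts are the ones being hijacked
   and then upgraded to verified status.

Log format, thresholds and sample lines are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log: "<ISO timestamp> <account> <result> <ip>"
SAMPLE_LOG = """\
2024-01-02T09:00:00 acme_corp FAIL 203.0.113.5
2024-01-02T09:00:02 acme_corp FAIL 203.0.113.5
2024-01-02T09:00:04 acme_corp FAIL 203.0.113.5
2024-01-02T09:00:05 acme_corp FAIL 203.0.113.5
2024-01-02T09:00:07 acme_corp FAIL 203.0.113.5
2024-01-02T09:00:09 acme_corp FAIL 203.0.113.5
2024-01-02T09:00:11 acme_corp OK 203.0.113.5
2024-01-02T09:30:00 press_office OK 198.51.100.7
2024-01-02T10:00:00 eng_blog OK 192.0.2.10
2024-01-02T10:15:00 eng_blog FAIL 192.0.2.10
"""

# Constructed "last successful login" inventory for the organization's accounts.
LAST_SEEN = {
    "acme_corp": datetime(2023, 12, 30),   # active recently
    "press_office": datetime(2023, 5, 1),  # dormant for about eight months
    "eng_blog": datetime(2023, 12, 1),
}

FAIL_THRESHOLD = 5                # failed logins that trigger an alert ...
FAIL_WINDOW = timedelta(minutes=5)  # ... within this sliding window
DORMANT_AFTER = timedelta(days=90)  # idle longer than this counts as dormant


def parse_log(text):
    """Parse constructed log lines into (timestamp, account, result, ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, result, ip = line.split()
        events.append((datetime.fromisoformat(ts), account, result, ip))
    return events


def brute_force_candidates(events, threshold=FAIL_THRESHOLD, window=FAIL_WINDOW):
    """Return accounts with at least `threshold` failed logins inside `window`."""
    fails = defaultdict(list)
    for ts, account, result, _ in events:
        if result == "FAIL":
            fails[account].append(ts)
    flagged = set()
    for account, times in fails.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            # Advance the window start until the span fits inside `window`.
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(account)
                break
    return sorted(flagged)


def dormant_account_logins(events, last_seen, dormant_after=DORMANT_AFTER):
    """Return (account, timestamp) for successful logins on dormant accounts."""
    hits = []
    for ts, account, result, _ in events:
        if result != "OK":
            continue
        prev = last_seen.get(account)
        if prev is not None and ts - prev > dormant_after:
            hits.append((account, ts))
    return hits


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("brute-force candidates:", brute_force_candidates(evts))
    print("dormant-account logins:", dormant_account_logins(evts, LAST_SEEN))
```

On the constructed log, `acme_corp` is flagged for six failures in under ten seconds (followed by a success, the pattern a monitoring team would want to escalate), and `press_office` is flagged because its first login in eight months lands well past the dormancy threshold. In practice the inventory of last-seen dates would come from the organization's own record of which social accounts it owns and who last used them, which is also the list a brand-monitoring process needs in order to tell its own accounts from impersonators.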