A surge of fake or stolen X Gold accounts has flooded both surface web and dark web marketplaces and forums over the past year, according to a report by CloudSEK. Since the introduction of Elon Musk’s verified accounts program in December 2022, threat actors have utilized various techniques to forge or steal X Gold accounts. CloudSEK identified the first advertisement for a Gold account on dark web marketplaces in March 2023, leading to a proliferation of X Gold account ads on the dark web alongside fake or stolen accounts from other platforms. Cybercriminals employ methods such as manually creating fake accounts, brute-forcing existing accounts, and using malware to harvest credentials.
Prices for these fake or stolen accounts vary, ranging from approximately $0.30 for a new X account without a checkmark to around $500 for a Gold account. All transactions are conducted through a middleman who ensures the authenticity of the accounts and the funds from the purchaser. The report highlights the potential risks associated with hacked or compromised social media accounts, such as spreading phishing campaigns and damaging the reputation of the account owner. CloudSEK provides the example of Ethereum co-founder Vitalik Buterin, whose compromised X account was used to post a deceptive message offering free non-fungible tokens (NFTs) and directing users to a fake website that resulted in the theft of $691,000 in digital assets.
CloudSEK recommends mitigation measures for organizations, including closing dormant accounts that have been inactive for an extended period and implementing an alerting system to be warned of stolen corporate social media account credentials. The report emphasizes the importance of training employees in cybersecurity practices, regularly updating password policies, and educating against the use of cracked software to prevent credential theft by malware.