Verified X ‘Gold’ accounts of the social media platform X are being taken over en masse by hackers. Subsequently, these accounts are being traded on the darkweb, as security researchers from India’s CloudSEK found out.
In 2023, X introduced its so-called X Verified or Gold accounts for the social media platform. These paid accounts indicate that X has independently verified that the account legitimately belongs to a well-known company or celebrity.
This option should give these companies and individuals more security, after the company also made the familiar blue checkmark accessible to all users as a paid verification option. For years, this was considered the sign that an account was authentic until, under Elon Musk, this system was revamped.
Trading in hijacked X Gold accounts
CloudSEK’s research shows that X Gold accounts are now being attacked and hijacked en masse with brute-force attacks. In addition, they also appear to be taking over non-Gold accounts of (well-known) companies that have not been used for a while. These are then upgraded to an X Gold account and further traded.
According to the research, hundreds of X Gold accounts are now being traded on the darkweb. There, these accounts cost an average of $2,000 each. Malicious buyers can then use them to spread and host phishing links, start disinformation campaigns, set up malicious financial operations or use fake content to damage the reputations of companies or individuals.
Countering breaches
To protect their X Gold accounts, companies and acquaintances should therefore monitor entries on X more frequently to check whether they have been compromised.
Examples include detecting fake profiles, unauthorized product entries, misleading ads and other malicious content. In addition, companies and individuals must implement very strong passwords for login credentials.
Also read: Mandiant’s X account hacked