Twitter Hacking Victims Find Stolen Accounts Sold on Black Market
Eric Weaver tried logging in to his Twitter account this summer, but he was locked out. A hacker had broken into his account and changed the password. But it didn't end there.
With a little digging, Weaver found that his Twitter handle — @weave — was being sold in an online forum at HackForums.net. With more digging, he also found that software was being sold online to automate the process of quickly hacking dozens of Twitter accounts.
"I was surprised this was all happening so openly," said Weaver, an advertising executive in Seattle. The hackers "are able to operate with seeming impunity."
Weaver's experience is not unique. Other Twitter hacking victims have also discovered that their accounts are for sale in online forums like ForumKorner.com and HackForums.net, where coveted one-word Twitter handles are sold in bulk for as little as $10.
This week, Twitter user Daniel Dennis Jones detailed in a Storify post how his Twitter account — @blanket — was hacked, stolen and put up for sale on the black market. Jones said he communicated with his hacker, who claimed to be a 14-year-old South Dakota teen who hacks and sells one-word Twitter accounts. Jones has since regained access to his account.
Experts say the underground market for Twitter accounts and the apparent ease with which they are stolen raises questions about security at the popular micro-blogging site. Most companies have built systems to prevent hackers from repeatedly guessing passwords, said Chester Wisniewski, a researcher at cybersecurity firm Sophos.
“Why is Twitter not doing that?” Wisniewski said. “This has been going on for a long time. It’s not going away and Twitter doesn’t seem to be doing anything about it.”
Twitter did not respond to repeated requests for comment.
In his post on Storify, Jones said the teenager who claimed to be his hacker told him that hackers could mask the IP address of their location by exploiting a loophole in Twitter security.
Such software — known as a “Twitter cracker" — can be easily purchased online.
"It's very well worth it,” one seller recently said on ForumKorner.com, which was not working at the time of publication. “With this you can upload more than 10,000 passwords and it automatically checks the login and if it doesn't work it moves on to the next one.”
Hackers also use the site to sell the stolen accounts, sometimes in bulk. Last week, a hacker who went by the name of Gumbo posted a list of more than 30 recently-stolen Twitter names for sale — including handles like “gadgetry” and “compadre" — on ForumKorner.com.
Another hacker claimed to have stolen the Twitter handle @Fend and vowed to “begin the bidding at $30.” Still another, who went by the screenname Spongebob, was selling “a 20-pack of 4 character Twitter handles for $10." Among the accounts for sale were @Nona, @Pina, @Zala and @Wexa.
Such short, one-word Twitter handles are in high demand. They are not only easy to remember, but they also give users a few extra characters to express themselves within the 140-character limit. Last year, the Wall Street Journal reported that easy-to-recall Twitter handles like @adam or @megan have become "a stylish totem in the tech world."
In August, tech reporter Mat Honan revealed how his digital life was destroyed after hackers targeted him because of his short, unique Twitter handle — @mat. Instead of trying to sell the account, they appeared to use @mat as a platform to broadcast racist and homophobic messages, Honan wrote.
Rob Bertholf, who owns the Twitter handle @rob, said his account has never been hacked. But he suspects hackers often try — albeit unsuccessfully — to break into his account because he receives weekly email notifications from Twitter notifying him that someone is trying to reset his password.
“No doubt in my mind that I have been targeted many times,” Bertholf told The Huffington Post.
Weaver, the Seattle advertising executive, said that after his account was stolen, he was able to trace his hacker’s identity to a 20-year-old Miami man. He said the hacker was also selling other accounts: @Bond, @Mock, @Four, @Strung, @545 and @Mind.
"Selling or accepting trades only," the hacker wrote under the screen name "Darent." "I will show proof to serious buyers."
Weaver said he contacted Twitter, but did not regain access to his account for three weeks — and only after a friend called one of his contacts who worked at Twitter. During that time, his said the name linked to his account was changed to "Jaimi in Brooklyn."
He said that getting his account stolen was particularly embarrassing because he is an ad executive whose work revolves around social media.
"My Twitter followers are friends and business colleagues," he said. "They were confused by my sudden fascination with hair, nail and certain R&B acts."
Weaver said he has since strengthened his Twitter password by making it 15 characters long and more complex, but added that the person who he thinks hacked his Twitter account continues to operate openly online.
“They’re just bored kids,” he said. "They think they're invincible."