Twitter hack reportedly originated with posts on a gray market forum

A poster advertised account access days before high-profile users got hijacked.

Sponsored Links

Karissa Bell
July 17th, 2020
In this article: Twitter, hackers, hacks, Social media, news, gear
BRAZIL - 2020/06/19: In this photo illustration the Twitter logo seen displayed on a smartphone. (Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)
SOPA Images via Getty Images

The worst hack in Twitter’s history may have started on a forum known for trafficking in black market social media accounts. In the days before the hack, a user on message board OGUsers offered to “provide direct access to accounts for between $2,000 and $3,000 apiece,” according to security journalist Brian Krebs. 

OGUsers, where users frequently buy and sell social media accounts with handles that are considered desirable, has also been linked to the Twitter hack by TechCrunch and Reuters.

Krebs says his investigation found that the Twitter hack originated with a scheme to steal some of these types of “OG” accounts. Hours before the crypto scammers managed to get into the accounts of Elon Musk or Jeff Bezos, “the attackers appear to have focused their attention on hijacking a handful of OG accounts, including ‘@6,’” Krebs writes.

It’s not clear why or how they decided to shift their attention to the crypto scam that ensnared some of Twitter’s most powerful users, but Krebs reports the hackers were likely able to evade detection and circumvent Twitter’s two-factor authentication settings. 

Twitter still hasn’t shared details around how the hacks occurred, only saying that an employee was targeted by a “social engineering attack.” Motherboard previously reported an employee with access to Twitter’s internal account management tools may have been bribed into helping with the exploit.

Krebs further says he may have identified one of the hackers involved in the scheme: a 21-year-old student known for SIM-swapping who was previously linked to a hack that compromised Jack Dorsey’s Twitter account last year. 

Twitter has yet to comment on these claims, though the company previously said it’s “working around the clock” on the matter and to help users who are still locked out of accounts as a result of the hack. The FBI also confirmed that it’s launched an investigation into the hacks.  

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget