July 16 (Reuters) - Before a hacking campaign tore through Twitter and compromised some of its most high-profile users, an ad went up on a gray market site that facilitates the trade of user accounts for popular websites, including not only Twitter but Netflix, Instagram, Minecraft and others.
For $250 in digital currency, the seller promised, they’d reveal the email linked to a Twitter account. And for $2,500, the buyer would get the account itself - satisfaction guaranteed.
“You will be given a full refund if for any reason you aren’t given the email/@,” the poster said, describing the Twitter account with an @ sign.
The ad, a screenshot of which was provided to Reuters by Hudson Rock, an Israeli company that monitors online forums for stolen credentials and breached data, was an early indication that all was not well at Twitter, a company which is still reeling from the hijacking of a slew of VIP accounts, including those belonging to reality television star Kim Kardashian, rapper Kanye West, Amazon.com Inc founder Jeff Bezos, and Microsoft Corp co-founder Bill Gates.
Although the details are still coming into focus - and Twitter and the FBI are still investigating - the fact that early word of the hack spread on a forum popular with gamers and Instagram account swappers suggests that the incident likely had a nexus with low-level cybercrime rather than nation state-level subterfuge.
“This doesn’t look like a particularly sophisticated hacking group,” said Roi Carthy, the chief executive of Hudson Rock.
An administrator at OGUsers, the account trading forum, confirmed that the screenshot was authentic, telling Reuters that the user behind the ad - named “chaewon” - was suspended once those who ran the site realized what was happening.
He added that the site explicitly bans trading accounts acquired through hacking. In theory, social media companies like Twitter and Instagram ban the sale of accounts, but the administrator said internet firms “pick and choose when to enforce that rule” and that the practice was widely tolerated.
“If it was a truly slightly more sophisticated attack, it would’ve been stock market manipulation,” said Carthy. (Reporting by Raphael Satter and Joseph Menn; Editing by Aurora Ellis)