Trading of stolen social media accounts has become quite rampant. In July 2020, Twitter accounts of over 130 high profile users and companies including Elon Musk, Barrack Obama and Apple were compromised.
Instagram has taken down over 100 accounts which were hijacked and sold for their high value usernames allegedly by members of an online marketplace called OGUsers, according to Reuters report. Access to compromised social media accounts with coveted usernames owned by a celebrity, brand, or those with individual letters and numbers are believed to have sold for tens of thousands of dollars on these marketplaces.
“Today, we’re removing hundreds of accounts connected to members of the OGUsers forum. They harass, extort and cause harm to the Instagram community, and we will continue to do all we can to make it difficult for them to profit from Instagram usernames,” a Facebook spokesperson told Mint.
According to industry experts, the crackdown was a concerted between several social media platforms including TikTok, which has also been working on stopping the practice. As per a Wired report, the short form video platform recently reclaimed several usernames being used for account squatting or impersonation.
Trading of stolen social media accounts has become quite rampant. In July 2020, Twitter accounts of over 130 high profile users and companies including Elon Musk, Barrack Obama and Apple were compromised. The hackers were able to reset the passwords of 45 of those accounts. According to cybersecurity experts, the hackers behind the attacks were also linked to the OGUsers community and used SIM swapping to break into social media accounts and log out their legitimate owners from it.
In SIM swapping, hackers first go after the cell phone numbers and try to take it under their control by calling up the phone company and using social engineering to convince them to make the change. Once the change is made, hackers use the cell number to reset the password and gain control over the social media account.
OGUsers has been breached three times since 2019 by more seasoned cybercriminals, which shows the value of these coveted social media accounts on DarkWeb.
According to cybersecurity firm Avast, OGUsers started operations in April 2017 selling shorter usernames, such as Adrian Lamo’s unused Twitter account, @6. Currently the group has over 50,000 registered users and over million posts.
Majority of social media platforms do not allow exchange and trading of usernames. Twitter in its username squatting policy clearly states, attempts to sell, buy or solicit other forms of payments in exchange for usernames are violation and may result in permanent account suspension.