Stolen Twitter Credentials Worth Big Bucks To Criminals

Just like thieves targeting platinum and corporate credit cards five years ago, nowadays cyber criminals are paying more money for ‘platinum’ user credentials such as Twitter account details.

So warned data security specialist Imperva. According to the firm’s chief technology officer, Amichai Shulman, the price of a file of user credentials – known as a ‘dump’ in hacking circles – depends greatly on the Internet service(s) where they can be used.

“Just five years ago, the illegal trade in credit card details was a rising problem for the financial services industry, as well as their customers, with platinum and corporate cards being highly prized by the fraudsters,” he said.

“Today, however, there are reports of Twitter credentials changing hands for up to $1,000 (£628) owing to the revenue generation that is possible from a Web 2.0 services account. This confirms our observations that credentials can fetch a high sum according to both the popularity of the application, and the ‘popularity’ of the account in question,” he added.

According to Imperva, the “going rate” for various web applications and services can vary widely. For example, a Hotmail account is worth $1.50 (94 pence), whereas a Gmail account is worth $80 (£50).

Shulman believes that the disparity between the two prices is because Hotmail (as a service) “has fallen out of favour with serious Internet users, while Gmail’s all-round flexibility means it is a central service for business users.”

Shulman said that this means that Gmail credentials can also give access to a range of Google cloud services, including Google Docs and AdWords accounts.

“Google Docs,” Shulman explained, “can contain valuable additional information on the legitimate owner, while an AdWords account can allow criminals to manipulate existing and trusted search engine results.”

And Shulman believes it is a similar story with Twitter accounts, “but with the added dimension of the immediacy of a rapid-fire social networking connection.”

This was almost certainly the reason why Twitter reportedly blocked the accounts of some users while they changed their passwords.

“Twitter accounts are so valuable to criminals that they will use almost any technique to harvest user credentials, including targeted phishing attacks. Once a fraudster gains access to a Twitter account, they can misuse it in a variety of ways to further their fraudulent activities,” he said.

“If this isn’t a wake-up call to anyone with multiple IDs that use the same password, I don’t know what is. Internet users – especially those with business accounts – need to use different passwords for different services, or they could face the disastrous consequences of taking a slack approach to their credentials,” he added.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
