This archive report was first published on 17 July 2020.
On the eve of a massive hacking campaign that compromised high-profile Twitter users, a suspicious ad appeared on a gray market site that trades user accounts for popular websites, including Twitter.
The ad, which was later confirmed to be authentic by an administrator at the account trading forum OGUsers, promised buyers that they would receive a full refund if they didn't receive the email linked to a Twitter account.
For $250 in digital currency, the seller claimed to reveal the email linked to a Twitter account, while a buyer could purchase the account itself for $2,500.
The ad was a red flag for Twitter, which was still reeling from the hijacking of VIP accounts belonging to reality TV star Kim Kardashian, Amazon.com founder Jeff Bezos, and Microsoft co-founder Bill Gates.
According to Roi Carthy, the chief executive of Hudson Rock, an Israeli company that monitors online forums for stolen credentials and breached data, the hacking group behind the incident was not sophisticated.
"This doesn't look like a particularly sophisticated hacking group," Carthy said.
Researchers also noted that the earliest reported hacks were of short Twitter handles, like @6, before accounts for bitcoin exchanges and celebrities were compromised.
"When you have these less professional criminal groups, you see chaotic outcomes," said Allison Nixon, chief research officer at security consultancy Unit 221B. "One member might stumble across a powerful hack, and it spirals out of control. That's probably what happened here."