Hijacked Twitter account sheds light on thriving black market for handles


[Attention: The reporting below requires referencing profanities that may make readers uncomfortable.]

In case you needed yet another example of why a simple password can come back to haunt you, a recently hacked Twitter account should have you heading over to your account settings. Daniel Dennis Jones, who had the Twitter handle @blanket, discovered that he was not able to access his account and realized that his password had been changed. After digging into the issue further, he found an alarming number of security flaws and a lack of preventative measures on Twitter’s end.

There’s a black market for Twitter handles, where commonly used names are being sold for less than $100 or simply being handed out to friends for what’s come to be known as the “lulz” — an Internet meme meaning “just for laughs.” Turns out, this is exactly what Jones fell victim to. 

Jones’ entry into the world of Twitter jacking began on Saturday when he was notified that his password had been changed. However, he was still logged into Twitter on his phone and was eventually able to regain access to his account via his email address, only to realize that his user name had been changed to the very NSFW handle @FuckMyAssHoleLO. Otherwise, nothing else on his account had been changed. After some digging, Jones discovered an underground network of young kids who were jacking Twitter accounts with common (and short) names for pocket change. @blanket, he found, was selling for only $60.

Jones recounted his experience in Storify: “Twitternames that would have high value due to brevity: @hah, @captain, @craves, @abound, @grinding.”

Ironically, the marketplace where cracked passwords were being sold, and where @blanket and other hijacked accounts were being auctioned off, was Twitter itself, along with a forum called ForumKorner. If you visit the forum, you’ll find anonymous individuals selling anything from jacked Minecraft accounts to Twitter usernames.

So why is it so simple to crack Twitter passwords? First at fault might be the user. Simple passwords that can be found in the dictionary can be easily uncovered with a brute-force dictionary attack. If you’re using a password like “Zebra,” for example, it’s only a matter of time before the algorithm that rapidly inputs dictionary words to crack an account enters the correct password, “Zebra.” But in Jones’ case, as he explained to Digital Trends, the password that he used was not as easy to crack as you might expect. His was a combination of a name and some numbers.

More notable is that the way Twitter built its security and login system makes it easy for anyone with the right program to hack an account. What Jones discovered was that Twitter seeks to limit the number of attempts that a single IP address can make to access a Twitter account. It’s a weaker system that leaves accounts more susceptible to hacking. Most social networks will only allow a limited number of attempts to access the account itself. What this means is that simply by using multiple IP addresses, through a proxy for example, and an algorithm that changes the IP address (before the CAPTCHA pops up), you can attempt to breach an account as many times as the number of IP addresses that you’re using.
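The difference between counting failed logins per IP address and per account, replayed over constructed login records (an added example, not code from the article or from Twitter; the limits, the 15-minute window and all class and function names are assumptions):

```python
from collections import defaultdict

class FailureThrottle:
    """Refuse a login once `limit` failures for the same key fall inside `window` seconds."""

    def __init__(self, key, limit, window):
        self.key, self.limit, self.window = key, limit, window
        self.failures = defaultdict(list)  # key value -> timestamps of failed logins

    def allows(self, attempt):
        k = attempt[self.key]
        # Keep only failures that are still inside the sliding window.
        self.failures[k] = [t for t in self.failures[k] if attempt["ts"] - t < self.window]
        return len(self.failures[k]) < self.limit

    def record_failure(self, attempt):
        self.failures[attempt[self.key]].append(attempt["ts"])


def guesses_checked(attempts, throttles):
    """Replay failed logins; count how many got as far as the password check."""
    checked = 0
    for attempt in attempts:
        if all(t.allows(attempt) for t in throttles):
            checked += 1
            for t in throttles:
                t.record_failure(attempt)
    return checked


# Constructed sample data: 200 wrong guesses against one account, one per second.
# Addresses come from the 198.51.100.0/24 documentation range.
ROTATING = [{"ts": i, "account": "blanket", "ip": f"198.51.100.{i}"} for i in range(200)]
SINGLE = [{"ts": i, "account": "blanket", "ip": "198.51.100.7"} for i in range(200)]

def per_ip():       # hypothetical policy: 5 failures per IP per 15 minutes
    return FailureThrottle("ip", limit=5, window=900)

def per_account():  # hypothetical policy: 10 failures per account per 15 minutes
    return FailureThrottle("account", limit=10, window=900)

if __name__ == "__main__":
    print("one IP, per-IP limit:      ", guesses_checked(SINGLE, [per_ip()]))
    print("many IPs, per-IP limit:    ", guesses_checked(ROTATING, [per_ip()]))
    print("many IPs, per-IP + account:", guesses_checked(ROTATING, [per_ip(), per_account()]))
```

A per-account counter also lets anyone lock the real owner out, so the blocked state is usually answered with a CAPTCHA or second-factor challenge rather than a hard lock.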

There’s an underground, albeit rudimentary, economy for stolen social accounts that may not be at the forefront of our minds like identity theft and the sales of social security IDs, but does in fact thrive. Jones was briefly immersed in that world when he went so far as to talk to a purported Twitter jacker, who was just 14 years old and who explained to Jones that Twitter was particularly easy to crack when compared to a site like YouTube.

He also learned that some of these kids are contracting hackers to hijack specific accounts, whether to use for themselves or to “give to a girl,” which was the reason that @blanket was targeted. “These kids decide they want a username and just sit there and wait for the jacker to get it for them,” Jones explained. “One kid I saw on Twitter, said it took him 3 or 4 hours to crack a password for a username that he wanted.”

If you’re using a vulnerable password, it’s really in your best interest to change it fast. If you happen to get your account stolen, it’s unlikely that you’ll ever get it back, although Jones did get his account reinstated, likely only after publicizing his experience.
