Twitter “X” Drops Dark Web Presence

Twitter, now known as X, recently dropped its dark web and deep web presence. At the start of 2022, Twitter got into the dark net service. It will allow users to log in and surf Twitter services all over the globe. Users can use the Twitter dark net service via the onion service known as Tor.

But do you know why Twitter company blocked its dark net service? If you don’t, you are in the accurate place. In this post, we will go through a detailed guide on Twitter’s presence on the dark net and why Twitter dropped its presence. And what people can do when Twitter data is stolen on the dark net forums. So let us first move to know about Twitter on the dark internet service.

Twitter on the Dark Web Service

Last year, in March, Twitter entered the dark net service that allows users to log in and browse Twitter anywhere around the world. Even in Russia, where it is expelled. Other websites like BBC, Facebook, Deutsche Welle, Radio Free Europe, and Reddit also host their services on the Tor Browser.

People can access the dark web or dark net through an onion service – a section of the internet. That is only reachable via dedicated web browsers like TOR to bypass censorship and surveillance.

Users can download the Tor browser like any other software. While in regions where Tor is blocked, it can still be accessible via a Tor bridge tool. It also provides extra privacy for users who do not want their online activity tracked by government companies or hackers.

Using the dark web and deep web via TOR adds even extra sanctuary. Because it circumvents conveyance traffic via exit relay nodes that can sometimes be embraced by censorship or detectives.

Elon Musk’s Twitter no longer exists on the dark and deep net after the company let its Tor Onion service certificate perish. The Tor version of the Twitter website was actually launched last year in the backwash of Russian dodging of Ukraine as an anti-restriction software.

The Russian government has blocked Facebook access and restricted Twitter to try to control the stream of data about its conflict in Ukraine. BBC, the US Government subsidize of America and Radio Free Europe/Radio Liberty, German broadcaster Deutsche Welle, and Latin-based site Meduza were also blocked.

Whereas the media corporations have been against Russia’s attempt to resist data following regulation, striking jail sentences for those scattering data contradicting the Russian Government’s description of the war.

However, both firms, Twitter and Facebook, have said they are working on reestablishing access to people inside Russia even as they control the state media from their services. Twitter was amid numerous websites banned by Russia in retribution for the platform employing restrictions on nationally possessed media like RT and Sputnik. The onion site of Twitter is no longer accessible, apparently with no strategies to reintroduce it.

The Tor project has reached out to Twitter to look into taking the onion version of the social media platform back online. One of the spoke persons of the Tor project said in a statement that.

“People who depend on onion services for an additional coating of safety and assurance that they are getting into the content they are seeing, for now, have one less revenue of doing so securely.”

Alec Muffet, a software engineer who assisted in launching the Twitter dark web service, offered his help to restore the service again. He posted a statement on Twitter in which he tagged the CEO of Twitter, Elon Musk.

“Remediating this is a simple, low-priced, and administratively popular feature of the current Twitter service running on a minor docker level. I am happy to instruct any Twitter engineers who want to solve it.”

The ending of Twitter Tor service Onion site comes after Elon Musk placed thousands of employees following his overthrow last year, exiting almost 13000 workforce at the company of an original 7500.

What Twitter Information was Negotiated on the Dark Web?

As per the reports, the breach material includes the email addresses, phone numbers, and credentials that users used to set up their accounts on Twitter, almost 235 million users. The data corresponds with details publicly scraped from users’ profiles, letting the cyber criminals make more complete data dossiers on potential victims.

Furthermore, according to tech media reports, the data for each user includes not only email addresses and phone numbers. But names, screen names/user handles, followers, and account creation time as well.

Briefly, anybody who buys the haul from breached will have the contact and partial login info for impacted Twitter users. This is a potential security issue for those accounts and a major privacy violation for anybody who does not want random dark web goons to access their contact data.

When did the Twitter Data Breach Happen?

The Twitter data that appeared breached on the dark web was stolen in 2021. According to the reports, cybercriminals exploited an API vulnerability in the Twitter platform to call up user data connected to hundreds of millions of users’ accounts.

This bug created a bizarre lookup function allowing anyone to use a phone number or email to Twitter systems. It would then verify whether the credential was connected to an active account. The bug would also reveal which specific account was tied to the required credentials.

However, the vulnerability was discovered by the Twitter bug bounty program in January of 2022 and was primarily publicly acknowledged last August. The Twitter company said that the bug resulted from an update to its code that took place in June 2021.

At that point, the Twitter company told users it had no evidence to suggest someone had taken advantage of the vulnerability, though they were totally wrong. At the same time, it is unclear when cybercriminals discovered this bug and started exploiting it. But by the time the platform caught on, the hackers had already stolen data from a shitload of people.

The total amount of authentic data inside the Breached haul is unknown. Analysts and journalists have tasted portions of the data and found it to involve real accounts.

Why Twitter “X” Drops Dark Web Presence? Reasons

The data indicated that Elon Musk’s Twitter is full of junk spam and bots. As per the new information research, many Twitter accounts have been built with tools and services in the deep and dark net. However, this problem worsened, and that is why Twitter decided that Twitter’s dark website must drop its presence from the dark and deep net.

Below, we have shared the reasons that caused Twitter to drop its presence in the dark and deep net area.

1.   Account Amplification

Another reason for Twitter’s drop in the dark web presence is account amplification when more followers and activity on social media platforms led to more engagement. On the underground, Twitter users can purchase bots to inflate their followers and activities, for example, likes and replies.

However, it could enable them to mass produce spam or to simulate a community. Instead, they can purchase pre-made accounts with the following.

Twitter Bots on the Dark Web

Twitter bots cooperate with the platform to accomplish computerized activities at scale. One of the bots sold on underground dark net forums advertises mass subscriptions like retweeting comments and tweets. Also, the ability to change the profile username, name, and description. It allows the bot user to operate a firehouse of activity, spamming what they want.

Below are examples of Twitter bots sold on the deep web and dark net.

  • A Twitter bot for sale enables an account to perform mass subscription comments, likes, retweets, and change the info of a profile.
  • Another bot sold for $100 alleges to perform follows, likes automatically, and retweets to a user. The buyer of the bot gets the source code, letting them tinker with it as they need.

Twitter’s Follower Inflation

Twitter accounts with significant followers are more respected, and their posts have a higher engagement rate. Many dark web services offer a shortcut to these ends, promising to grow an account following.

Here, we share some cases that enable Twitter followers to inflation.

  • One software tool from the dark web and deep web service enables users to add 15000 followers daily on the platform.
  • Another follower inflation service from Deep Web and Dark Web hosted a giveaway in which the winners would get 1000 followers.
  • Some users need more followers; thousands of followers are not enough. One user wants to buy 1 million high-quality Twitter followers and get numerous answers to this solicitation.

Account Purchasing

More than 5 million users of Twitter accounts data are being sold on the dark web and deep web forums for almost $30000. Going by the amazingly creative code-named devil, the threat actors export data on 5.4 million users, seemingly attained by abusing a vulnerability exposed in January 2022.

Though the buyers of these accounts get their database, Twitter has seemingly patched the hole and even compensated the person who found it, going by the name Zhirinovskiy, $5040.

The database contains public-facing data email addresses for registering the account phone numbers. The data set helps with security; email addresses and phone numbers could still be used for other forms of phishing, identity theft, and even full account takeover.

Furthermore, sellers claim the database contains sensitive data on celebrities, companies, randoms, and Ogs. It was also said that a sneak peek of the database was posted on the data breach conversation and outflows forums, breach forums, where its legitimacy was deep-rooted.

Here are examples of threat actors selling Twitter accounts on the dark web and deep web.

  • A threat actor posted a handful of accounts for sale at prices ranging from tens to hundreds of dollars. These accounts were largely crypto/NFT themed, each of thousands to tens of thousands of followers.
  • Another threat actor wants to sell a Twitter account with 45000 followers for $450.

2.  Account Takeover

Deep web and dark forums offer even more malicious environments where actors can traffic compromised Twitter accounts and the tools and services necessary to perform account takeovers.

Twitter Compromised Accounts

Those who want to buy already comprised accounts can buy logs that are validated credentials for Twitter. However, these accounts could have been compromised in several ways.

One way is credential stuffing. The other way is if they belonged to compromised endpoints on access markets that sell access to data stolen from infected machines. Logs harvested via access markets can include cookies system IP data, letting actors evade MFA and other compromise detection mechanisms.

Lots of Twitter accounts could have been compromised in the second way. Out of the over 2146000 compromised machines sold on access markets last year, a whopping 43500 included access to a Twitter account.

Here are some popular examples of compromised accounts of Twitter available on the dark web and deep web forums.

  • An actor sells Twitter logs alongside those of social media and payment platform accounts for sale on the Telegram application.
  • Lots of actors seek to buy logs value is almost $0.30 with up to 200 followers to $1 for accounts with 5000+ followers. They specify that they want real accounts with valid cookies and IP addresses, which can help them bypass two-factor authentication.

Hacking Services

Another main reason the Twitter platform dropped its presence on the dark net is hacking services on dark net forums. The underground dark net marketplace also offers hacking services that can target a specific Twitter account.

Here are some examples of hacking services of Twitter available on dark net forums.

  • One actor promises to hack any social media account within a day, with pricing set depending on the account type and the number of followers. The pricing depends on the account and the number of followers.
  • Another actor offers services to get any profile banned. The service offers to ban targeted Twitter and Instagram users.

Twitter Hacking tools on the Dark web

One main reason the Twitter platform drops its presence on the dark net is hacking tools on the dark net forums. Users with a DIY hacking approach can find many databases with known username and password combinations. Moreover, many combo lists claim to include hundreds of thousands or even millions of Twitter credentials. However, these are apparently old or invalid.

Below, we have mentioned some examples of Twitter hacking tools used on the dark net.

  • Combo lists of 14 million Twitter and Tumblr users’ email addresses and passwords are presumably old or invalid.
  • To validate the credentials from the combo list, actors must use a credential-stuffing tool called Checker. An actor offers $5000 for a modified Twitter checker on the dark net. Many Twitter checkers are shared on dark and deep net underground forums.

Scrapped Database

Scraping is a popular independent data extraction and collection method in which a threat actor captures and aggregates publicly available data. And dumps it into a large, structured, and useable database.

However, executing the scrapping database is simpler than breaking into a server or database. The threat actor exploits platform vulnerabilities to gather publicly available data.

Below, we have shared some examples of scrapping the Twitter database on the dark web.

  • In June 2021, an actor forwarded a ten million LinkedIn accounts record on secretive dark net forums. They can use scraped data for spam, phishing, social engineering, and identity theft.
  • People find scraped data of over 53 million Twitter accounts shared on the underground dark net forums from almost 70 countries.
  • Another example is a scraped database of five million Twitter users. Moreover, there are scraping tools offered to purchase for almost $40.

What should you do if your Twitter Data is Stolen?

Suppose your Twitter data is out on the dark and deep web communities. What can you do about it? You cannot do anything significant if your Twitter data is stolen and goes on the dark or deep net forums. Except you purchase it yourself and sift through it. It is unclear how you would verify whether you were impacted.

If your email address is stolen, it can be easily changed. But an exposed phone number is a little more complicated; phone numbers are less discardable than emails. However, you can always contact your cellular data provider and request a phone number change if you are worried about privacy.

For instance, you get an email message promising you great pet insurance for your dog Spot, and you have shared many images of Spot on Twitter. Take a long look at the note before responding to it. Particularly, look carefully at any links in the text.

Well, be more cautious than usual about probable phishing and spam attacks. If you think you may have already been hacked, follow these tips and tricks to avoid any other malicious thing.

  • Check your devices: Check your PC smartphone with a high-quality anti-virus program without taking any chances.
  • Turn on two-factor authentication: review your accounts and change their security access. While you are at it, turning on 2FA on all your emails and accounts puts the account security firmly in your hands.
  • Stop using Twitter to use other Sites: Don’t use Twitter authentication to log in to other social media platforms to avoid other issues.
  • Remove your data: All your info, like your birthday, phone number, address, hometown, and security questions, may be in hand on the stealer. So, delete all that info from your Twitter account.


What is considered black Twitter?

Black Twitter is a term to describe the collective identity of African American Twitter users who have created a virtual community that participates in continuous real-time conversations. The term is basically a digital community that allows people to connect and bond over what it means to be black.

What can hackers do with your Twitter X?

When hackers gain access to any of your online accounts, hackers can also change the account password and username, leaving you locked. It could take a few hours or days to come to your attention, like sending unauthorized messages. Mass following or unfollowing Twitter accounts, blocking other Twitter users, and selling your Twitter data on the dark web and deep web underground forums and marketplaces.

Is it OK to look at the dark web?

Like the surface web, the dark web is riddled with scams, phishing sites, and malware designed to exploit new users who may not be better. But be careful when surfing the dark web. Even though the dark web is touted as private and secure, risks are still involved.

Is Twitter on Tor?

Users who depend on Onion services for extra protection and guarantee that they are accessing the content they are looking for now have fewer means of doing so safely. But users can still visit through a browser running Tor. However, users would not benefit from Tor’s precise Onion site consults.

Is social media part of the deep web and dark web?

Deep web and dark web content contain email messages, text messages, private content on social media websites, bank statements, health records, and illicit content. That is accessible one way or another over cyberspace.

Summing Up

Twitter entered into the dark web last year in March. But recently, Twitter has dropped its presence on the dark and deep net for several reasons, including hacking tools, spamming attacks, account purchasing, compromised accounts, Twitter bots, follower inflation, and scraped databases. However, hackers steal the data of Twitter users and sell it on the underground dark and deep net forums.

In this post, we have described the details of Twitter drops on the dark and deep net presence, their reason, and what someone should do if their Twitter data is stolen on the deep and dark net. Let us know in the comment section if you have any questions about the absence of Twitter services on the dark and deep net.

Leave a Comment