Like the credit card companies, Twitter is also in a co-evolutionary role with the threat. Twitter’s countermeasure is to have users enable two-factor authentication. This effectively puts vendors of stolen Twitter credentials out of business, but the problem is that it is still optional for the Twitter user, and the bias within the community is not to enable it. As with most information security issues, changing human behaviour is always the most difficult part.
Whether defending your personal information or your company's information, you need to think like the adversary, and that adversary is part of a complex and highly effective supply chain. The data they want to take has value in some part of that supply chain, and it may not be obvious because you don’t see it as directly monetized like credit card dumps. This is why we must continuously monitor and adapt to the changing threat environment as they in turn do the same to our defences. Over the coming years, these darkmarkets are going to be more visible because 1) they are interesting and newsworthy and 2) it is where the business of cyber security is being invented and practiced. The business paradox they face is to become more visible and grow their market share, or remain dark and exclusive, slowing their revenue growth. The adversaries are treating cyber security as a business problem; it is about time that their victims do the same."