The Underground Economy of Stolen Identities: How Hackers Turned Usernames Into a Black Market

In the early days of the internet, securing a simple, memorable username—like "Lizard" on Snapchat—was a badge of honor.

Today, these handles have become a form of digital real estate, traded in underground marketplaces for thousands of dollars. But behind this economy lies a darker reality: a network of hackers, social engineers, and opportunists who exploit weak security to steal, extort, and resell accounts.

The story of Lizzy, a nonprofit worker whose Snapchat was hacked, reveals how these networks operate. From Maxim’s Xanax crew to SIM-swapping ringleader Worthy, this investigation by Alex Goldman for Reply All uncovers the mechanics of account theft, the psychology of digital extortion, and the unsettling ease with which personal data can be compromised.

Hijacking of Lizzy's Snapchat Account @Lizard

Lizzy was on vacation in Asheville, North Carolina, when she realized something was wrong. She tried opening Snapchat to send a photo of a brewery to her brother but found herself locked out. Soon after, three emails arrived in rapid succession:

1. "Your account has been logged in by a user on an iPhone 8."

2. "The password to your account has been changed."

3. "The phone number associated with your account has been changed."

Then came the threats via iMessage, sent from an email address ([email protected]):

"Yo, if you try to touch Snapchat lizard or do anything, you're fcked. I've got your ndes and IRLs. Just don’t do anything. We’ll be fine."

The term "IRLs" (in-real-life info) suggested the hacker had personal details, compounding Lizzy’s fear.

Snapchat Restores Access, But Lost Data and Lingering Fear Underscore a Hollow Victory

Lizzy reported the breach to Snapchat, which restored her account—but with critical losses:

• All her contacts were deleted.

• Her archived "Memories" (including potentially sensitive photos) were gone.

Without these, she couldn’t verify whether the hacker actually had compromising material. Worse, the threats continued:

"Give it back else I’mma smoke you. B*tch."

The psychological toll was severe. Lizzy, who worked with teens at a nonprofit, felt exposed. She avoided using Snapchat, had her roommate sleep in her bed for safety, and grew paranoid walking alone. Even after an initial investigation by Snapchat suggested the hackers likely didn't have explicit photos, the fear and violation lingered, demonstrating how hackers weaponize uncertainty and that even empty threats can inflict lasting trauma.

Furthermore, platforms’ recovery processes often fail to fully restore trust when deleted data leaves victims in limbo.

Unmasking [email protected]: The Trail Leads to 'Maxim' and His SoundCloud Rap-Fueled Xanax Crew

The email domain zan.ax led investigators to a Discord server run by Maxim, a self-styled hacker with a taste for SoundCloud rap, Gucci, and Audemars Piguet watches. His online persona was a mix of luxury flexing and juvenile bravado:

• Twitter: twitter.com/hades

• Instagram: instagram.com/fuck

• Steam: steamcommunity.com/id/satan

Maxim’s Xanax crew (named after the domain) included Seb (Stockholm) and Evan (UK), who left traces in the website’s source code:

xan.ax maxim/evan/seb

Inside OGUsers.com: Discovering the Thriving Black Market for Stolen Social Media Handles

The group’s activities pointed to OGUsers.com, a marketplace for coveted usernames. Transactions followed a clear pattern:

1. Theft: Hackers steal accounts via weak passwords, phishing, or SIM swapping.

2. Resale: Handles like "Antichrist" (sold for $4,000) or "Lizard" are flipped for profit.

3. Extortion: Some buyers use accounts to threaten original owners.

Notable Sales:

• @car (Instagram) – $70,000 (claimed by Worthy)

• @loser (Twitter) – $2,000 (purchased by Seb)

This underground economy reveals that OG handles have become digital status symbols, akin to rare sneakers or designer clothes, and the market thrives on platform vulnerabilities such as weak passwords, lax two-factor authentication, and carrier exploits.

The SIM Swapping Menace: Hacker 'Worthy' Reveals How Easily Phone Numbers Are Exploited for Account Takeovers

Worthy, a hacker interviewed during the investigation, explained the process:

1. Obtain the victim’s phone number (via leaks, phishing, or social engineering).

2. Call the carrier (e.g., T-Mobile), impersonate the victim, and request a SIM transfer.

3. Intercept 2FA codes sent via SMS, then reset passwords.

After the hack, Worthy microwaved SIM cards to destroy evidence—a bizarre but effective tactic.

Beyond Usernames: SIM Swapping's Lucrative Reach into Cryptocurrency and Real-World Assets

Worthy claimed his operation made $8.7 million annually, targeting:

• Social media accounts (OG handles).

• Cryptocurrency wallets (via SIM-swapped exchanges).

• Random victims ("just to see what they got").

He also described selling homes and repossessing cars through identity theft—though these claims were unverified. While Lizzy likely wasn't SIM-swapped (her phone still worked, just not Snapchat), the method highlights a prevalent and dangerous technique in this ecosystem, underscoring that phone numbers are often the weakest link in digital security and that carrier protocols can be dangerously outdated, relying on easily spoofed verification.

Beyond the Screen: The Deep Emotional Scars and Pervasive Paranoia Inflicted by Account Hacking

For Lizzy, the hack wasn’t just about losing an account—it shattered her sense of safety:

• She stopped using Snapchat entirely.

• Received unsolicited explicit messages from new "friends" added by the hacker.

• Felt vulnerable in public, especially walking alone at night.

Confrontation Reveals Teen Hackers

Investigators eventually identified Charlie, a high schooler who, it turned out, bought Lizzy’s account for $100 from another hacker and resold it for $1,500. The original threat from [email protected] could have come from anyone who bought an email address from the Xanax crew, not necessarily Maxim himself. When confronted on Discord, Charlie's initial response was dismissive:

"It’s a social media account. You’re making it way more serious than it actually is."

But in a second conversation, Charlie—who had himself been doxxed and swatted—showed more understanding.

Kevin, the hacker who originally stole the account, then joined the call. He admitted using a "top 500 passwords" list to brute-force Lizzy’s login, assuming the account was inactive after a month.

Initially defensive, Kevin later reconnected, genuinely apologized, and returned the $100 via Bitcoin. He shared his own experience of being doxxed, which gave him perspective on Lizzy's fear. This entire exchange suggests that many hackers are young and detached from the consequences of their actions, at least until they experience similar victimization firsthand, and highlights that restitution in cybercrime is unfortunately rare, making Lizzy’s case an outlier.

Expert's Drastic Security Overhaul Reveals Pervasive Vulnerabilities and Necessary Digital Protections

After the hack, Michael Bazelle (a former FBI cybercrime consultant) prescribed drastic measures for Alex Goldman to illustrate the pervasive risk:

1. Port your phone number to Google Voice (separate it from your SIM).

2. Use a password manager + YubiKey (never SMS-based 2FA).

3. Freeze your credit and scrub data from Whitepages, Intellius, etc.

4. Assume your data is already exposed—monitor for misuse.

Bazelle also uncovered Alex Goldman’s SSN, family details, and even a hidden middle name ("Terabello") in under an hour—proof of how exposed we all are. Lizzy herself adopted many of these security measures. This experience serves as a stark reminder that robust security hygiene is non-negotiable, as default protections like SMS-based two-factor authentication are often inadequate, and the burden of protection unfortunately falls heavily on individuals, not just platforms.

Lizzy’s story underscores a growing crisis: the commodification of online identities. As handles become status symbols, hackers will keep exploiting weak security—whether for profit, clout, or chaos.

To make things safer online, several important changes are needed.

For example, online services shouldn't just depend on phone numbers as the only way to help people get back into their accounts. Phone companies also need to make it much harder for criminals to steal phone numbers through what's called SIM swapping. Finally, individuals can greatly improve their own security by using password managers to create strong, unique passwords and by using stronger login methods, like physical security keys, instead of relying only on text message codes.

Until then, the underground economy of stolen identities will thrive, and victims like Lizzy will pay the price.

Top Tweets of the day

1/

Sara Blakely has a knack for naming things.

2/

Female Fantasy + Erotica Novels has lots of consumption.

There is a billion-dollar AI app in here somewhere. AI Companion is one niche.

3/

Every AI model excels at a different thing. Some follow instructions too well. Some handle complex tasks well.

Lots of alpha in here knowing which model to use.

The genius of a good prompt engineer lies in getting a less intelligent model to do a complex task with clear instructions but you can easily do it with a more intelligent but expensive model.

An expert video editor just needs a simple instruction: "Make the TikTok go viral" while a beginner video editor needs a detailed example like "Make the hook of the TikTok to be shocking. Sync the ending and the start of the TikTok script to get more rewatches. Use AI-generated videos from Midjourney."

It is similar with AI model. Smarter (expert) models can do with vague instructions. Dumber (beginner) models need specific instructions.

Rabbit Holes

1. The Evolution of Transactions by Paddle Studios

2. Prompt Design by Cursor

3. Temu: Dissecting the High-Growth Marketing Acquisition Channels by Know How Marketing

What’d ya think of today’s newsletter? Hit ‘reply’ and let me know.

Do me a favor and share it in your company's Slack #marketing channel.

First time? Subscribe.

Follow me on X.

More Startup Spells 🪄

1. Packaging Premium: Four Tweets Shared the Same Idea—Only the One With Visuals Took Off (LINK)

2. Steph Smith's Genius Trick To Funnel Traffic From Marketplaces (LINK)

3. Vista's Billion-Dollar Private Equity Strategy for Customer Selection (LINK)

4. $1 per month community (130k+ members) (LINK)