Skip to main content
  1. Tech
  2. Gadgets & Tech
  3. Tech Gear

'$50,000 Twitter handle' apparently lost after PayPal, GoDaddy mistakes

See also

If you recall how Matt Honan's digital life was destroyed in 2012, then you can understand why Naoki Hiroshima gave in to a "cyber-terrorist's" demands. Hiroshima lost what he called his $50,000 Twitter username when PayPal and GoDaddy allowed someone to take over his accounts, The Verge reported on Wednesday.

The Twitter username was @N. Indeed, as a single-letter username, it was in high demand, and he had been offered as much as $50,000 for it. Others had tried to steal it, but this thief was successful, when he gained access to Hiroshima's domain names and threatened that they could be repossessed by GoDaddy and "never seen again."

Recalling the horrible digital wasteland that Matt Honan's life became after a similar incident, in which customer service representatives gave a hacker access to his Amazon.com and iCloud accounts, though means that should not have been allowed -- but they were -- Hiroshima gave control of the @N Twitter username to his blackmailer.

How did all this happen?

The first sign that something was amiss came during a meal.

While eating lunch on January 20th, 2014, I (Hiroshima) received a text message from PayPal for one-time validation code. Somebody was trying to steal my PayPal account. I ignored it and continued eating.

Lesson learned: Don't ignore these messages.

By posing (on the phone) as a fellow PayPal employee, the miscreant convinced the CSR he spoke to to give up the last four digits of Hiroshima's credit card. Normally, that is useless, but in this case, the attacker was then able to use them as verification on the phone with GoDaddy.

What's interesting is that when Hiroshima tried to take control of his domain back, he was asked for the last six digits of his credit card. If the original GoDaddy CSR the attacker had spoken to had required that information, the transfer would have never taken place. Instead the CSR allowed the attacker to guess the first two digits of the card, and he got it right away. As he added in communication with Hiroshima after he got what he wanted:

I got it in the first call, most agents will just keep trying until they (the customer, we assume) get it

At this point Hiroshima realized that control of his @N Twitter account was the target of the attack, so he changed the email address associated with the account before the attacker changed the DNS entries for his domain name.

This stopped the attacker's progress, but the attacker then compromised Hiroshima’s Facebook account. Eventually, he made his demands via email, and issued the following ultimatum:

I’ve seen you spoke with an accomplice of mine, I would just like to inform you that you were correct, @N was the target. it appears extremely inactive, I would also like to inform you that your GoDaddy domains are in my possession, one fake purchase and they can be repossessed by godaddy and never seen again D:

I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact. Would you be willing to compromise? access to @N for about 5minutes while I swap the handle in exchange for your godaddy, and help securing your data?

Faced with the prospect of losing his digital life, and with GoDaddy unwilling to help (as the registration of the domain names had successfully been changed), Hiroshima gave up and gave the hacker control of @N.

After all this, could Twitter give the account back to Hiroshima? If the digital clues are traced, surely all the companies involved would be able to connect the dots.

Probably -- if they bothered to take the time to investigate -- Twitter could do so. However, what is to prevent the hacker to take retribution against Hiroshima?

Instead, it appears Hiroshima has settled. He now owns the Twitter handle @N_is_stolen.

Update: PayPal has issued a post in which it denied giving out Hiroshima's credit card info.

Advertisement

Don't Miss

  • Massive
    Ubisoft Massive exclusive: 'The Division', PS4 & Xbox One, Activision to Ubisoft & more
    Camera
    Games Exclusive
  • iPhone
    Get your wallet ready: The next iPhone could cost $100 more than your last one
    Video
    Tech Buzz
  • Civ
    Need to catch up on 'Sid Meier's Civilization'? Here is everything you need to know
    Camera
    Games Feature
  • Google Glass
    See how Google Glass is letting sick kids go to the zoo without leaving the hospital
    Tech News
  • Upcoming
    These are 2014's biggest PS4, Xbox One and Wii U games
    Camera
    Games Feature
  • Google
    Google has filed for a patent to develop contact lenses capable of taking photos
    Video
    Headlines

User login

Log in
Sign in with your email and password. Or reset your password.
Write for us
Interested in becoming an Examiner and sharing your experience and passion? We're always looking for quality writers. Find out more about Examiner.com and apply today!