Extortion Over $50,000 Twitter Handle Sets a Chilling Precedent

Extortion Over $50,000 Twitter Handle Sets a Chilling Precedent
Image credit: Steve Snodgrass
  • ---Shares
Free Webinar | August 16th

Find out how to optimize your website to give your customers experiences that will have the biggest ROI for your business. Register Now »

Twitterverse, take heed: The caché of possessing a highly sought-after Twitter handle has apparently escalated to the extent that hackers are now prepared to extort users for access to their usernames.

The California web developer Naoki Hiroshima, for instance, says he was offered as much as $50,000 for his account, @N, while attempts to steal the name were recurrent. In a post published today, he recounts the cunning and systematic machinations that ultimately forced him to relinquish @N after a hacker compromised both his PayPal and GoDaddy accounts.

Hiroshima had registered @N back in 2007. His new handle? @N_is_stolen.

Related: The Only Thing Scarier Than Self-Driving Cars Are the Hackers Waiting to Attack Them 

Initial attempts to access the account were fairly pedestrian. A hacker contacted Hiroshima through Facebook messages asking him to change his Twitter login info, and then e-mailed Twitter in an attempt to reset the email address and password.

When Twitter demanded more information, the hacker set his sights on Hiroshima’s GoDaddy account, which comprised various domain names that he’d paid for with a credit card attached to a PayPal account. Here’s where it gets scary: The hacker later admitted in an email to Hiroshima that he’d simply called PayPal and “used some very simple engineering tactics” on one of its agents to obtain the last four digits of Hiroshima’s credit card over the phone.

Related: Uh, Did Your Refrigerator Just Send Me an Internet Virus? 

Then, in order to poach the GoDaddy account, the hacker told a GoDaddy agent that, “I had lost the card but I remembered the last four.” In a terrifying turn, the agent then allowed the hacker to simply guess the first two digits of the card number -- all that was needed in order to gain complete access to Hiroshima’s domains. “I got it in the first call,” the hacker later admitted -- part warning, part boast. “Most agents will just keep trying until they get it.”

According to Hiroshima, the experience sets a chilling precedent: “To avoid their imprudence from destroying your digital life,” he wrote, “don’t let companies such as PayPal and GoDaddy store your credit card information.”

Related: Target's Security Breach Stresses the Need for Better Cyber Security

Edition: July 2017

Get the Magazine

Limited-Time Offer: 1 Year Print + Digital Edition and 2 Gifts only $9.99
Subscribe Now
OK

This website uses cookies to allow us to see how our website and related online services are being used. By continuing to use this website, you consent to our cookie collection. More information about how we collect cookies is found here.