Extortion Over $50,000 Twitter Handle Sets a Chilling Precedent

Former Staff Writer
2 min read

Twitterverse, take heed: The caché of possessing a highly sought-after Twitter handle has apparently escalated to the extent that hackers are now prepared to extort users for access to their usernames.

The California web developer Naoki Hiroshima, for instance, says he was offered as much as $50,000 for his account, @N, while attempts to steal the name were recurrent. In a post published today, he recounts the cunning and systematic machinations that ultimately forced him to relinquish @N after a hacker compromised both his PayPal and GoDaddy accounts.

Hiroshima had registered @N back in 2007. His new handle? @N_is_stolen.

Related: The Only Thing Scarier Than Self-Driving Cars Are the Hackers Waiting to Attack Them 

Initial attempts to access the account were fairly pedestrian. A hacker contacted Hiroshima through Facebook messages asking him to change his Twitter login info, and then e-mailed Twitter in an attempt to reset the email address and password.

When Twitter demanded more information, the hacker set his sights on Hiroshima’s GoDaddy account, which comprised various domain names that he’d paid for with a credit card attached to a PayPal account. Here’s where it gets scary: The hacker later admitted in an email to Hiroshima that he’d simply called PayPal and “used some very simple engineering tactics” on one of its agents to obtain the last four digits of Hiroshima’s credit card over the phone.

Related: Uh, Did Your Refrigerator Just Send Me an Internet Virus? 

Then, in order to poach the GoDaddy account, the hacker told a GoDaddy agent that, “I had lost the card but I remembered the last four.” In a terrifying turn, the agent then allowed the hacker to simply guess the first two digits of the card number -- all that was needed in order to gain complete access to Hiroshima’s domains. “I got it in the first call,” the hacker later admitted -- part warning, part boast. “Most agents will just keep trying until they get it.”

According to Hiroshima, the experience sets a chilling precedent: “To avoid their imprudence from destroying your digital life,” he wrote, “don’t let companies such as PayPal and GoDaddy store your credit card information.”

Related: Target's Security Breach Stresses the Need for Better Cyber Security

More from Entrepreneur
Our Franchise Advisors are here to help you throughout the entire process of building your franchise organization!
  1. Schedule a FREE one-on-one session with a Franchise Advisor
  2. Choose one of our programs that matches your needs, budget, and timeline
  3. Launch your new franchise organization
Entrepreneur Insider members enjoy exclusive access to business resources for just $5/mo:
  • Premium articles, videos, and webinars
  • An ad-free experience
  • A weekly newsletter
  • Bonus: A FREE 1-year Entrepreneur magazine subscription delivered directly to you
Try a risk-free trial of Entrepreneur’s BIZ PLANNING PLUS powered by LivePlan for 60 days:
  • Get step-by-step guidance for writing your plan
  • Gain inspiration from 500+ sample plans
  • Utilize business and legal templates
  • And much more

Latest on Entrepreneur