Extortion Over $50,000 Twitter Handle Sets a Chilling Precedent
A California web developer with the Twitter handle @N was forced to give it to a hacker who compromised both his PayPal and GoDaddy accounts
By Geoff Weiss •
Opinions expressed by Entrepreneur contributors are their own.
Twitterverse, take heed: The caché of possessing a highly sought-after Twitter handle has apparently escalated to the extent that hackers are now prepared to extort users for access to their usernames.
The California web developer Naoki Hiroshima, for instance, says he was offered as much as $50,000 for his account, @N, while attempts to steal the name were recurrent. In a post published today, he recounts the cunning and systematic machinations that ultimately forced him to relinquish @N after a hacker compromised both his PayPal and GoDaddy accounts.
Hiroshima had registered @N back in 2007. His new handle? @N_is_stolen.
Related: The Only Thing Scarier Than Self-Driving Cars Are the Hackers Waiting to Attack Them
Initial attempts to access the account were fairly pedestrian. A hacker contacted Hiroshima through Facebook messages asking him to change his Twitter login info, and then e-mailed Twitter in an attempt to reset the email address and password.
When Twitter demanded more information, the hacker set his sights on Hiroshima's GoDaddy account, which comprised various domain names that he'd paid for with a credit card attached to a PayPal account. Here's where it gets scary: The hacker later admitted in an email to Hiroshima that he'd simply called PayPal and "used some very simple engineering tactics" on one of its agents to obtain the last four digits of Hiroshima's credit card over the phone.
Related: Uh, Did Your Refrigerator Just Send Me an Internet Virus?
Then, in order to poach the GoDaddy account, the hacker told a GoDaddy agent that, "I had lost the card but I remembered the last four." In a terrifying turn, the agent then allowed the hacker to simply guess the first two digits of the card number -- all that was needed in order to gain complete access to Hiroshima's domains. "I got it in the first call," the hacker later admitted -- part warning, part boast. "Most agents will just keep trying until they get it."
According to Hiroshima, the experience sets a chilling precedent: "To avoid their imprudence from destroying your digital life," he wrote, "don't let companies such as PayPal and GoDaddy store your credit card information."
Related: Target's Security Breach Stresses the Need for Better Cyber Security
