How I lost my $50,000 Twitter username (By Naoki Hiroshima)

Just saw this off of reddit.. wanted to post this up ASAP~!! It's a MUST read to those who have multiple accounts and esp with a GoDaddy account.. which I ALMOST did.. please read the entire article ..

and stay wise on what is going on ..

Noki Hiroshima is the creator of Cocoyon and a developer for Echofon. This post originally appeared on Naoki’s Medium blog and has been republished with permission.

Update: PayPal has denied that its customer service representative divulged credit card information over the phone. GoDaddy has admitted partial responsibility for the incidents. Finally, the @N account itself is actually in someone else’s hands, after Twitter made it available after initially deactivating it.

I had a rare Twitter username, @N. Yep, just one letter. I’ve been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox.

As of today, I no longer control @N. I was extorted into giving it up.

TNW source


Wanted to add this to get to the jist of the issue.. but the entire read is still a must for the goings on ..

PayPal and GoDaddy Facilitated The Attack

I asked the attacker how my GoDaddy account was compromised and received this response:

From: SOCIAL MEDIA KING
To: Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello

- I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)

- I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you’d like me to
recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)

reply to post by Komodo


Well, if that is legitimate and there isn't a whole lot more than he's choosing to tell anyone about? He has a clear cut and very obvious civil suit to file here, IMO, and it should bring him considerably more than $50,000 by the end of things. Maybe add a zero to that, if pushed out to a Jury verdict.

I hope he intends to pursue it beyond rants on the internet. Nothing stops unless people take the time to MAKE it stop...and law suits are, sadly, the most effective means when those involved figure they can just walk away from a serious wrong that hasn't been made right.

I heard about this last night from a friend. I had no idea, that the twitter account names were worth so much.
I suggest the guy hire an attorney, not go after the hacker, but paypal and whoever else let the private info go, so easily over the phone.

reply to post by Wrabbit2000


He probably has a case against GoDaddy and he'll need more proof against paypal to win anything.

Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy. The hacker then socially engineered an employee to provide the remaining information needed to access the customer account. The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers. source

my favorite part

Redfoot also says that GoDaddy is “making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques.”

"Evolving hacker techniques?" This tactic has been used for awhile. Kevin Mitnick

Another stolen Twitter acount story

Wrabbit2000
reply to post by Komodo

 

Well, if that is legitimate and there isn't a whole lot more than he's choosing to tell anyone about? He has a clear cut and very obvious civil suit to file here, IMO, and it should bring him considerably more than $50,000 by the end of things. Maybe add a zero to that, if pushed out to a Jury verdict.

I hope he intends to pursue it beyond rants on the Internet. Nothing stops unless people take the time to MAKE it stop...and law suits are, sadly, the most effective means when those involved figure they can just walk away from a serious wrong that hasn't been made right.

yea..i'm not entirely sure where exactly the 50k came in, as the article didn't really point to that aspect of the issue...

as for being legit, you can always contact him directly I suppose, but, on the surface, to me it is and definitely classic Soc-Eng ear tags to it..

It just kinda freaked me out being that I was so close to getting a GoDaddy account for my up and coming business, interesting to note, my spidey senses were tingling so .. glad I didn't and still not sure where to post my business on-line in the light of all this...you know?

To me, you'd think as big as a company as GoDaddy & (feel like I have to wash my mouth out with this next word) PayPal, they would have top notch customer service and yearly ongoing refresher classes for such a subject.

I digress I guess, maybe I'm to quality minded...don't make alot of friends in quality .. but, then the rubber meets the road and the quality withstands the test of time, you shine like the sun

reply to post by ATSmediaPRO

"Evolving hacker techniques?" This tactic has been used for awhile. Kevin Mitnick

Yea..
my thoughts exactly!



My issue with this now makes my CT mind even more suspicious in that, was this a inside job? How are we going to trust the industry to NOT be corrupt or 'shifty' ?

reply to post by Komodo


Oh I wasn't questioning it..Sorry if it seemed that way. I guess I greet everything with a dash of skepticism these days. Professional hazard? lol...

By the way, for what it's worth..I've used GoDaddy for several years now and through a series of domain names I've had and let slide for different projects. I've never had a problem...but then, I didn't have a 'choice' name, either.

A 1 letter name of any sort would be like gold sitting on a park bench to fight off the thieves. It's just a shame the companies involved weren't as determined to help keep everything honest when the thieves came calling in what obviously was the way which worked.

What a name to have too.... N.. Oh, that would be something. I'd once looked into domain names (squatting as it's called by many) to buy and sell and there is BIG BIG money in it, depending on the name and regardless of what is attached to it. Just the name alone ...for the right one.

reply to post by Wrabbit2000


thx buddy ..

got your U2U

S^F!

Same thing happened with my PHONE NUMBER because it is(was) in the format (###) X00-000!!!

I had paid an associate at a major telecom company 10 years ago 5 figures for it, for my landscaping business. One day, it was ported out an being used for a VIP limo-with-live-escorts XXX service!

gardener
S^F!

Same thing happened with my PHONE NUMBER because it is(was) in the format (###) X00-000!!!

I had paid an associate at a major telecom company 10 years ago 5 figures for it, for my landscaping business. One day, it was ported out an being used for a VIP limo-with-live-escorts XXX service!

WOW...

just WOW !!!

and no repercussions against the telecom company I presume?

Reminds me of the million dollar license plates in the UAE for any low digit numbers.

Evidence our race is doomed to be honest.

so the name @N was worth 50k?
thats just plain stupid, I dont get it