The Inquirer-Home

Paypal and Godaddy got embroiled in a Twitter handle hijacking

@N is lost in the wilds
Thu Jan 30 2014, 15:53
Twitter Money

A TWITTER USER is down $50,000 because he lost control of the @N account after a combination of Paypal and Godaddy gifted it to someone else.

The @N holder, or one-time holder, is using another account now called @N_is_stolen. The proper owner of @N, one Naoki Hiroshima is using it to plead his interests.

Hiroshima, who is a software developer, was the victim of a social engineering attack on his much-prized Twitter handle, an account for which he claims to have been offered $50,000.

In a blog post entitled "How I Lost My $50,000 Twitter Username" he reveals the tale as well as the pattern of incidents that revealed it to him.

"While eating lunch on January 20, 2014, I received a text message from Paypal for one-time validation code. Somebody was trying to steal my Paypal account. I ignored it and continued eating," he said.

"Later in the day, I checked my email which uses my personal domain name (registered with Godaddy) through Google Apps. I found the last message I had received was from Godaddy with the subject "Account Settings Change Confirmation." There was a good reason why that was the last one."

While the option to contact Godaddy was there, Hiroshima failed in the face of an attacker who had already been there and changed details such as what credit card was associated with the account. He was unable to resolve the issue through the help desk.

At the same time he was being contacted through Facebook by someone who wanted the access to the Twitter account. In one email he was offered the chance to swap over control of the @N name in return for his lost access to his Godaddy properties.

"I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact," the person offered.

"Would you be willing to compromise? Access to @N for about [five] minutes while I swap the handle in exchange for your Godaddy, and help securing your data?"

With no assists from Godaddy, Hiroshima capitulated and paid out on the ransom. He said that he was offered the chance to find out how it happened and was informed that some financial information was easily finagled out of Paypal through a socially engineered approach.

"I called Paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling Paypal and asking the agent to add a note to your account to not release any details via phone)," came the response.

"I called Godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten Godaddy account security."

Paypal has responded to this with a post on its website that says that customer data and security are treated seriously. It said that it has reached out to Hiroshima, adding that no data was compromised.

"We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer's information by contacting Paypal. Paypal did not divulge any credit card details related to this account," it said.

"Paypal did not divulge any personal or financial information related to this account. This individual's Paypal account was not compromised."

Godaddy told us in a statement that by the time the hacker came to its door a lot of the damage had already been done. It said that an employee was grifted into handing over information, but added that it will be making sure that such things do not happen again.

"Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy. The hacker then socially engineered an employee to provide the remaining information needed to access the customer account," said Todd Redfoot, CISO.

"The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers. We are making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?