Blaze Media

Hacker Steals $50,000 Twitter Account using GoDaddy, PayPal


"It’s hard to decide what’s more shocking."

Twitter handles can be worth a lot of money, making them a target for Internet thievery. Digital Trends reported in 2013 that some users receive legitimate offers to purchase their handles - the lucky user who secured @Chase was offered $20,000 by Chase Bank to transfer the name.

Unfortunately for one Twitter user, his unique handle "@N" put a $50,000 target on his back.

Hiroshima, a software creator and developer, is no computer slacker; he had several layers of protection built into his accounts. Yet a hacker was still able to use GoDaddy and PayPal service representatives to steal his account information. (Credit: Creative Commons.)

Naoki Hiroshima, a software creator/developer, described the scary story of Internet hacking and extortion in his blog. He shared e-mail exchanges between GoDaddy and his attacker - who was bold enough to describe the very tactics he used to steal control of @N.

While eating lunch on January 20, 2014, I received a text message from PayPal for one-time validation code. Somebody was trying to steal my PayPal account. I ignored it and continued eating.

Later in the day, I checked my email which uses my personal domain name (registered with GoDaddy) through Google Apps. I found the last message I had received was from GoDaddy with the subject “Account Settings Change Confirmation.” There was a good reason why that was the last one.

At first, his story reads like someone who might have mishandled his information or left himself open for attack. But Hiroshima, the creator of an app called Cocoyon and a developer for another called Echofon, is clearly not an Internet novice. The hackers made their intent clear in subsequent e-mails to Hiroshima:


To: <*****@*****.***> Naoki Hiroshima

Date: Mon, 20 Jan 2014 15:55:43 -0800

Subject: Hello.

I’ve seen you spoke with an accomplice of mine, I would just like to inform you that you were correct, @N was the target. it appears extremely inactive, I would also like to inform you that your GoDaddy domains are in my possession, one fake purchase and they can be repossessed by godaddy and never seen again D:

I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact. Would you be willing to compromise? access to @N for about 5minutes while I swap the handle in exchange for your godaddy, and help securing your data?

Hiroshima, who once had been offered $50,000 from a legitimate buyer for @N, had now been hacked and extorted for control of it.

He made several attempts to gain help from GoDaddy and PayPal, but the attacker was - shockingly - able to get the companies to reveal Hiroshima's credit card information over the phone and through help desk requests.


To: <*****@*****.***> Naoki Hiroshima

Date: Mon, 20 Jan 2014 19:53:52 -0800

Subject: RE: …hello

- I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)

- I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)

For the whole story, check out Hiroshima's blog. But maybe read it after you double-check your own passwords and accounts.

UPDATE: A spokeswoman from the MSLGroup said PayPal responded to this trending news story via their "AskPayPal" Twitter account (the link embedded in the tweet takes the user back to Hiroshima's original blog):

https://twitter.com/AskPayPal/status/428572043378835457

The Blaze will report any developments in this story.

(H/T: The Next Web)


Featured image courtesy of Creative Commons.

Follow Elizabeth Kreft (@elizabethakreft) on Twitter


