Hacker steals Naoki Hiroshima’s @N Twitter username by holding GoDaddy domain names hostage

Posted Jan 29, 2014

Naoki Hiroshima, the CEO of N Methods, had the Twitter username @N. He was even offered $50,000 for the Twitter username at one point. But a hacker stole his username. Here is how it happened.

Last week, Hiroshima was unable to log into his GoDaddy account. The Godaddy account has both of his domain names and vanity e-mail address. Hiroshima called GoDaddy to find out why he was unable to log into his account and was asked to verify the account. He was not able to verify the account though.

Shortly after that, Hiroshima received an e-mail from a hacker that said he accessed his GoDaddy account and changed all of the personal information so that it was not accessible to him anymore. The hacker said that he wanted full control of the @N Twitter username in exchange.

“I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact,” said the hacker in the e-mail. “Would you be willing to compromise? access to @N for about 5 minutes while I swap the handle in exchange for your godaddy, and help securing your data?”

Hiroshima realized that he would likely lose control of his domain names unless he gave up the @N username. Hiroshima created the Twitter username @N_is_Stolen and gave the username @N to the hacker. He was given his GoDaddy account back.

The hacker offered how he was able to access the GoDaddy account. He said that he called PayPal to get the last four digits of his card. He also called GoDaddy and was allowed to guess numerous times what the last four digits of the card on the file was to verify that he had access to the account.

“It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification,” stated Hiroshima in a blog post.

PayPal has denied that they offered Hiroshima’s credit card details or any personal information or any financial information related to his account. The account was either removed by Twitter or was deleted today.

[Source: TNW]