Naoki Hiroshima was once offered $US50,000 for a single-letter Twitter handle he acquired in 2007, @N. He says he no longer owns the handle thanks to a savvy, aggressive hacker and security flaws with GoDaddy and PayPal. He detailed what happened on Medium.
First, Hiroshima says the hacker tried some normal ways to access the account. This person allegedly sent Facebook messages prompting Hiroshima to change his Twitter email and password. The hacker also contacted Twitter and asked them to resend the password. Twitter wouldn’t without more information, so the hacker went a more aggressive route.
The hacker noticed Hiroshima had a GoDaddy account and that he had registered a number of domain names on it. The domains were paid for with a credit card Hiroshima had connected to PayPal. The hacker, according to Hiroshima, was able to gain access to all of the domains on GoDaddy by figuring out just a few numbers on the credit card. The hacker later explained this to Hiroshima in an email:
I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)
I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar I recommend: NameCheap or eNom (not network solutions but enom.com)
Once the hacker had control of the valuable GoDaddy account, Hiroshima says he was blackmailed for his Twitter handle. Here’s an email he says the hacker sent him:
I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact. Would you be willing to compromise? access to @N for about 5 minutes while I swap the handle in exchange for your godaddy, and help securing your data?
Hands tied, Hiroshima gave up @N. Now he owns @N_is_stolen.