Man claims hacker took PayPal, GoDaddy accounts hostage in exchange for his ...

Facebook

Naoki Hiroshima says he was extorted into giving up his valuable single-letter Twitter name after a hacker staged an elaborate online attack that infiltrated his PayPal and GoDaddy accounts.


A California man claims his online accounts were held hostage by a hacker in exchange for the rights to his $50,000 Twitter handle.


'I had a rare Twitter username,' Naoki Hiroshima wrote in an online post Tuesday addressing the step-by-step takeover of his one-letter handle: @N.


'I've been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox,' he claimed. 'As of today, I no longer control @N. I was extorted into giving it up.'


According to the unknown villain, whose emails to Hiroshima were documented in his post, all that the attacks required was some 'very simple engineering tactics.'


In an email detailing his steps - after the Twitter handle was acquired - the hacker claims to have simply called up websites PayPal and GoDaddy to gain access to Hiroshima's accounts.


RELATED: MICHAELS INVESTIGATING CREDIT CARD BREACH

In order to convince the companies that he was the rightful owner of the accounts, they allegedly asked him to provide the number of a credit card belonging to Hiroshima that they had on file.


With Paypal, the attacker claimed, 'I called paypal and used some very simple engineering tactics to obtain the last four of your card.'


With GoDaddy: 'I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers,' or 'guess,' as he so claimed.



Incredibly, he apparently guessed right.


On Jan. 20, just before 3 p.m., Hiroshima received a threatening email from the man, declaring his ransom request.


RELATED: 'REVENGE PORN KING' HUNTER MOORE CHARGED IN NUDE-PHOTO HACKING

'I would also like to inform you that your GoDaddy domains are in my possession, one fake purchase and they can be repossessed by GoDaddy and never seen again,' he wrote.


'I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact. Would you be willing to compromise? access to @N for about 5 minutes while I swap the handle in exchange for your godaddy, and help securing your data?' the message continued.


Less than two hours later, Hiroshima received an email from GoDaddy confirming the attacker's success.


'You are not the current registrant of the domain name,' the email, sent to him in response to his request for help changing his account information, allegedly read.


Hiroshima received one last warning email from the hacker before he relinquished his coveted Twitter handle to the online villain by changing it to: @N_is_stolen.


RELATED: N.Y. MERCHANTS AMONG THOSE TARGETED BY CREDIT CARD DATA HACKERS: CYBERCRIME FIRM

Minutes later he received a reply from the hacker containing his new GoDaddy password and a seemingly friendly step-by-step guide on how to pull off his theft.


On Wednesday, PayPal publicly addressed what they called a 'difficult situation' for one of their customers but one they claim they did not have a part in.


'We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer's information by contacting PayPal,' they stated.


Aside from this they insist that no credit card details related to Hiroshima's account were released and his PayPal account was not compromised.


GoDaddy also released a statement.


RELATED: SECRET GOVERNMENT BULLETIN DESCRIBES TARGET CYBER ATTACK

'Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy,' it read in part.


The company admitted that an employee was 'socially engineered' by the hacker but they said they are making 'necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques.'


The Twitter handle @N appeared to be removed by Wednesday night. Hiroshima tweeted that the guy who stole it apparently deleted it - though it's unable to be acquired.


In advice to others, Hiroshima recommended that Internet users not allow websites like PayPal and GoDaddy save credit card information on file.


'I just removed mine. I'll also be leaving GoDaddy and PayPal as soon as possible,' he wrote.


ngolgowski@nydailynews.com


Comments

Post a Comment

Popular posts from this blog

5 Reasons iPhone 6 Won't Be Popular

Image
The majority of users are waiting for the next smartphone from Apple - iPhone 6 – this year. Unfortunately, the hype around iPhone began to gradually subside with each passing year after the 4th model launched. Therefore, it is possible that the sixth iPhone model of  will not be nearly as popular as it was in the beginning. Global audience perceived iPhone 4S and iPhone 5 much cooler than its early models New iPhones will not cause that “wow”-effect, which was in the beginning, when Steve Jobs' presentations caused a delight and admiration of every new Apple gadget. Some leaked photos of iPhone 5S prototype show that it does not differ from its predecessor at all. Therefore, all hopes for something radically new in design and features are laid on iPhone 6. And if Apple is no longer holds its standards, that seem to be a little bit old-fashioned already, it is unlikely that iPhone 6 will be interesting for people next year. 5 main reasons can be found to think like
Read more

Eset nod32 ativirus 6 free usernames and passwords

Image
                              Hi friends,after little long time I'm going to write again about eset nod 32 antivirus.As I told in previous post if you are user on windows 8 Eset nod 32 is the best antivirus for your personal computer.the latest product eset nod 32 antivirus 6 has special features with 100% really working.Not need to purchase full version from buying it.Download the eset nod 32 trial version and activate your est antivirus from below updated usernames and passwords. Firstly I would like to tell something about est nod32 antivirus 6. The latest product having: Eset smarter scan  Scan while downloading something Anti-Theft Idle-state scanning Clean and safe E-mail Removable media security system tools         Download Eset nod32 antivirus 6 Trial version Here     After downloading Eset nod32 Antivirus activate it using below usernames and passwords. Username: EAV-30326836                                       Password: ccka4dvsuv Expire: 16-10-2013 Username:EAV-79084
Read more

Apple's self

USA TODAY Apple's self-driving car racing toward reality, report saysUSA TODAYSAN FRANCISCO - Apple's self-driving car effort, code-named Project Titan , is more reality than rumor, according to documents obtained by the British newspaper The Guardian. Engineers working for the Cupertino-based tech hardware giant met in May with ...Apple Is Getting Closer to a Self-Driving CarTIMEApple is reportedly looking at places to test its self-driving carThe VergeApple eyes former naval base in California to test 'Project Titan' self ...Apple InsiderThe Independent -Business Insider -Cult of Macall 10 news articles »
Read more