Elaborate Hack Steals Rare Twitter Handle @N

Twitter Account Hacked By Holding PayPal, GoDaddy Ransom

 @neato_itsdennis on January 30 2014 5:53 PM
Twitter
The microblogging platform hasn't changed much since its debut eight years ago. Reuters

A social drama is unfolding on Twitter after a longtime user had his rare single character handle @N hacked and stolen. The attackers went through great lengths to get the much-coveted handle.

Why is this hacking so significant? All of the 26 single-character handles on Twitter vanished soon after the microblogging service exploded in 2007. Naoki Hiroshima was one of those lucky 26 people to grab one before it did. He had the handle for nearly seven years and claims he was offered $50,000 for it.

He also said people have tried to steal it multiple times in the past but have failed, but this time was different. Instead of directly hacking the Twitter account, the hacker went after his other online assets.

First he convinced PayPal to give him the last four digits of Hiroshima’s credit card over the phone and then got the rest from GoDaddy. This allowed him to change all of the information on the accounts; he effectively stole and leveraged them against Hiroshima to bargain for the Twitter account.

After that the attacker bargained with Hiroshima via Facebook (he stole that too), asking for his Twitter account in exchange for the immense information he had grabbed from Hiroshima. Hiroshima decided to cut his losses and gave up his Twitter account. Remarkably, the attacker explained each step in his attack and even gave Hiroshima tips on how he could “secure” himself in the future.

Hiroshima largely blames GoDaddy and PayPal for the compromise and offers up advice to account holders: Don’t let websites use your credit card information as verification credentials.

In a statement, PayPal denied they gave out any information related to Hiroshima’s account and says the account was not compromised at all. GoDaddy on the other hand, admits that a representative was “socially engineered” to give away Hiroshima’s information.

@N is now a largely blank twitter page that’s name is ‘Follow Badal_NEWS’. It has zero tweets. BADAL_NEWS is a protected account with a combined English and Urdu bio, almost 5,000 tweets and over 400 followers. Hiroshima is now going by the handle @N_is_stolen.

Join the Discussion