Bizarre hacking incident comes to a happy conclusion
Naoki Hiroshima, original owner of the @N handle on Twitter, claims he routinely fielded offers for his coveted username, including one that was as high as $50,000. People have also tried to steal the rare username from him, though those attempts were unsuccessful until a hacker applied some social engineering skills to ultimately force him to hand it over. It's a bizarre story that involves ineptitude on the part of both GoDaddy and PayPal, though there's a happy ending -- Hiroshima has his username back .
"This is a happy ending not only for me but also for sane employees and loyal users of Twitter's. Congrats to those, too," Hiroshima tweeted out with his original username.
Part of the reason Hiroshima's made headlines is because of the way the hacker managed to gain control of his account. He did it by first calling PayPal and using some "very simple engineering tactics" to gain the last four digits of Hiroshima's credit card. He then called GoDaddy and told them he lost his card but remembered the last four digits, which ultimately allowed him to gain control of Hiroshima's account and his domains.
"It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification," Hiroshima wrote in a blog post.
That's the condensed version of what happened (check out Hiroshima's blog post for a full account of events), but short and to the point, the hacker used the hijacked domains to extort the @N handle from Hiroshima. GoDaddy has since said it would review its policies to prevent those types of incidents from happening again, while PayPal essentially buried its head in the sand.