Just read this article on a guy who lost his rare Twitter username. It's a good read and quite shocking how certain companies were giving the information out so easily.


I had a rare Twitter username, @N. Yep, just one letter. I’ve been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox.

As of today, I no longer control @N. I was extorted into giving it up.

Read the full article by going to: http://thenextweb.com/socialmedia/2014/01/29/lost-50000-twitter-username/?fromcat=all

What are peoples thoughts on this?

May be a very elaborate story behind someone trying to sell the handle @N and then being scammed, but can't come out about it because it's against Twitter TOS and there would be no legal remedy. I have seen that happen more than often involving people with desirable Twitter handles.

Poor guy but if his story is held to be true.

The fact that Paypal gave out the last 4 digits of the card number over the phone is pretty disgusting, also with the fact that he was "Pretending to be an employee" probably helped with this data been released, it's shocking how they wouldn't go through some sort of staff validation process...

As for GoDaddy allowing the hacker to simply guess the first 2 digits of this chaps card number is also very ridiculous, My domain's are registered there, and I'm going to transfer later, and when they send me the whole "why have you decided to leave us" email, I'll link them to this article.

I've always had a note on my Paypal account to not release anything over phone/email/mail unless they have hard proof it's me, that part is common sense, but not still, they should know to not do this without been told by the customer.

Surely he can contact twitter, providing all the details the account @N was originally registered with and explain what happened?

The fact that Paypal gave out the last 4 digits of the card number over the phone is pretty disgusting, also with the fact that he was "Pretending to be an employee" probably helped with this data been released, it's shocking how they wouldn't go through some sort of staff validation process...

As for GoDaddy allowing the hacker to simply guess the first 2 digits of this chaps card number is also very ridiculous, My domain's are registered there, and I'm going to transfer later, and when they send me the whole "why have you decided to leave us" email, I'll link them to this article.

I've always had a note on my Paypal account to not release anything over phone/email/mail unless they have hard proof it's me, that part is common sense, but not still, they should know to not do this without been told by the customer.

Surely he can contact twitter, providing all the details the account @N was originally registered with and explain what happened?

I know the people at The Verge who also posted the article have asked Twitter if they are helping him get the account back. Their article is at: http://www.theverge.com/2014/1/29/5356866/twitter-n-account-attack-naoki-hiroshima-godaddy-paypal

- - - Updated - - -


May be a very elaborate story behind someone trying to sell the handle @N and then being scammed, but can't come out about it because it's against Twitter TOS and there would be no legal remedy. I have seen that happen more than often involving people with desirable Twitter handles.

Poor guy but if his story is held to be true.

It is probably due. Looking at the comments on some of the articles some say that high value domains keep being stolen from GoDaddy accounts in a similar way.

----

Also just come across this comment on an article: http://d.pr/n/KUMK who had the @JB twitter account and has similar problems as well.

When I saw this I thought, oh my god, get over it - it's a username! But then when you get to the last bit it's actually scary what companies will give away without your knowledge.

It's also baffling to me how people are so obsessed with getting 'rare' accounts - not only on Twitter but like, Habbo, too, it's so inconsequential.

Having said that I'd love Twitter to clear out old usernames...

Lmao well there goes my trust in PayPal.

I'm genuinely quite shocked how easily those companies ''gave in'' (basically).

When I saw this I thought, oh my god, get over it - it's a username! But then when you get to the last bit it's actually scary what companies will give away without your knowledge.

It's also baffling to me how people are so obsessed with getting 'rare' accounts - not only on Twitter but like, Habbo, too, it's so inconsequential.

Having said that I'd love Twitter to clear out old usernames...

A username worth $50,000. I'd be more than angry if I lost a potential $50,000.

A username worth $50,000. I'd be more than angry if I lost a potential $50,000.
Well I know but he made it clear he had no intention of selling it, he hasn't lost $50,000 at all! (I have this exact same inner angry monologue every time Deal or No Deal is on)

Well I know but he made it clear he had no intention of selling it, he hasn't lost $50,000 at all! (I have this exact same inner angry monologue every time Deal or No Deal is on)

He lost the chance of getting $50,000. Deal or no deal depends on what way you view it from. You can't say 'I lost £250,000'. But you can say 'You lost the chance to have £3,000' if the Dealer offered you £3,000.

Had enough problems with PayPal, Horrible they gave his 4 digits of the credit card out mind.

If he hadn't used the account since 2007 and was offered 50k for it why didn't he just sell the damned thing :S also wouldn't it be kinda easy to work out who stole it since they now have that account...

aaaaaaaaaaand this is why you should use two factor authentication on everything you can

If he hadn't used the account since 2007 and was offered 50k for it why didn't he just sell the damned thing :S also wouldn't it be kinda easy to work out who stole it since they now have that account...

Because he's a freelance programmer/designer, so probably on 200k+ anyway.


aaaaaaaaaaand this is why you should use two factor authentication on everything you can

He did!

Because he's a freelance programmer/designer, so probably on 200k+ anyway.



He did!
oh yeah :D

paypal and godaddy sucks then

Oh my god that's terrible. I can't believe who easy he got control of it.

Read it this morning. When I saw "GoDaddy" it was enough to think "'nuff said".

If Twitter, PayPal and Godaddy have any sense they will work hard to right these obvious wrongs. Giving out credit card details and letting people guess the first 2 digits violates so many protocols on data protection. It should have sent alarm bells ringing that the person they were talking to did not own the accounts, and all this for an @N twitter account. How pathetic is this person, and how stupid are these companies for letting this happen?

Meh I still wouldn't turn down 50k for something I'm never gonna use

A time consuming job on the attackers part, but I suppose worth it for a $50,000 twitter account (I don't actually think anyone would pay this stupid figure...)

I hope paypal, godaddy and twitter resolve this although I assume this attacker is going to be untraceable!

Interesting tweet from PayPal

428572043378835457

So who's telling the truth? Then again the guy just got the information for the "hacker".

TheVerge:


Update: Paypal has released a brief statement relating to this hack on Twitter, saying that "our investigation confirmed PayPal did NOT disclose any credit card details. More info soon." This would be in direct conflict to the original story posted by Hiroshima which said that Paypal released the last four digits of his credit card to hackers, allowing them to gain access to his GoDaddy account. We'll be keeping an eye to see what else Paypal has to say about its involvement in this hack.

http://www.theverge.com/2014/1/29/5356866/twitter-n-account-attack-naoki-hiroshima-godaddy-paypal

If he has to blamed for anything, he has to be blamed for using GoDaddy. Why anyone still uses that company is beyond reason.

Meh I still wouldn't turn down 50k for something I'm never gonna use

Maybe he planned to use it as I own a few domains for example that aren't in use at the moment but will be eventually. Also they probably would have wanted the twitter first before the money as it was a large amount and then would have just refused to pay. Twitter wouldn't be able to help with that as it's against their terms to sell a username.

As for the incident it just shows how untrustworthy companies are but the sad thing is nothing much will happen.

A further update from PayPal: https://www.paypal-forward.com/leadership/paypal-takes-your-security-seriously/

so who do you guys think is lying

so who do you guys think is lying

GoDaddy Admits Hacker’s Social Engineering Led It To Divulge Info In @N Twitter Account Hack


GoDaddy Chief Information Security Office Todd Redfoot issued TechCrunch the following a statement about the hack:

Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy. The hacker then socially engineered an employee to provide the remaining information needed to access the customer account. The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers.


Read the full article at:
http://techcrunch.com/2014/01/29/godaddy-admits-hackers-social-engineering-led-it-to-divulge-info-in-n-twitter-account-hack/

You can also follow and read the tweets from the actual guy who used to own the @N account at: https://twitter.com/N_is_stolen

i'm good at social engineering

whats your mothers maiden name matt g

You can also follow and read the tweets from the actual guy who used to own the @N account at: https://twitter.com/N_is_stolen
I like how another registrar is advertising itself based on how bad GoDaddy is, even so far as to advertise domain transfers. Why anyone is with GoDaddy though is shocking. It was decades ago now since it was a legitimate, reputable company...

A username worth $50,000. I'd be more than angry if I lost a potential $50,000.

I was thinking if I owned that account and they offered me $50,000 I'd take it!

PayPal is a shoddy company but those that believed they gave out the CC information are fools - they wouldn't do this. Just because the guy who stole his Twitter handle made the claim, doesn't mean it's true. If he said he called up the "victim's" bank and retrieved the CC info, would people still believe the claim?

This was another GoDaddy **** up and another of many reasons people shouldn't be influenced by their marketing (read: godaddy super bowl), it's time folks started using a reputable domain registrar, not those with big advertising budgets.

- - - Updated - - -


so who do you guys think is lying

The guy who stole the Twitter username fo' sure.

I am disgusted that something like this could happen, as I feel something like a rare username or web domain is an untapped currency for a lot of people like @N and anything like what has happened shouldn't. I think @N should be able to prosecute, really. It's theft, even if the item is virtual...

Well after reading this yesterday and my host Namecheap recently launching its own Two-Factor authentication service, I have just turned mine on. As for GoDaddy, after reading all the issues I like many others am surprised they are still around and that they still have customers

NameCheap did have issues in the past where they slipped up with one of the Habbox domains but I assume since 2012 this has now been corrected. If anyone doesn't remember what happened in 2012 then you can go to the following: http://www.habboxforum.com/showthread.php?t=750262&p=7555876#post7555876

Although I do use Namecheap personally and haven't had any issues so far.

GoDaddy is a foul company. I have never registered a domain with them and domains I've purchased from other people I've moved away from GoDaddy upon expiry. AVOID.

I can't believe they wouldn't have logged in their system that the account info had been changed, and that they weren't able to comprehend the fact that if an account's details have suddenly changed and the previous owner, who can prove their identity, is saying the account was stolen, then the account has more than likely been stolen.

Just saw this on BBC news as well http://www.bbc.co.uk/news/technology-25963662 and reminded me of the thread.

This is absolutely crazy...