Man Extorted out of his Twitter Username
On January 20th Naoki Hiroshima discovered that his PayPal & GoDaddy accounts had been breached, and domains stolen.
The hacker had control over his email, websites, and online finances, while Naoki was powerless to protect himself. He was at the mercy of the attacker who stole his accounts.
By the time that Naoki was able to get into contact with GoDaddy customer support, the attacker had already changed the account information & registration information for his domains. Unfortunately this meant that Naoki would not be able to recover the domains because there was no way that GoDaddy would be able to verify that he was in fact the original owner of the account.
The hacker however, contacted Naoki in hopes to make a deal with him. In exchange for Naoki’s Twitter account, @N, he would return the domain names & help him secure his properties. Naoki agreed and, as promised, his other properties were returned.
As it would have it, the attacker leveraged human exploitation methods to obtain the PayPal & GoDaddy accounts, in what appears to be a sophisticated attack.
The hacker called up PayPal, pretending to be another employee, where he was able to trick someone (on the first call!) into giving him part of Naoki’s credit card number. The attacker then called GoDaddy, where he was able to verify that credit card to obtain access to the domain names.
Fortunately the emails under his domains were not responsible for recovering his Twitter accounts, otherwise the attack could have left Naoki completely drained of absolutely everything. Naoki had something to leverage the attacker for his web & email properties back.
UPDATE: GoDaddy has commented on the situation with Naoki. They have investigated the attack & access to Naoki’s account was restored.
— GoDaddy (@GoDaddy) February 1, 2014