Naoki Hiroshima is the creator of Cocoyon and a developer for Echofon. This post originally appeared on Naoki’s Medium blog and has been republished with permission.
Update: PayPal has denied that its customer service representative divulged credit card information over the phone. GoDaddy has admitted partial responsibility for the incidents. Finally, the @N account itself is actually in someone else’s hands, after Twitter made it available after initially deactivating it.
I had a rare Twitter username, @N. Yep, just one letter. I’ve been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox.
As of today, I no longer control @N. I was extorted into giving it up.
PayPal and GoDaddy Facilitated The Attack
I asked the attacker how my GoDaddy account was compromised and received this response:
From: SOCIAL MEDIA KING
To: Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello
- I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)
- I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)
Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy. The hacker then socially engineered an employee to provide the remaining information needed to access the customer account. The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers.
Redfoot also says that GoDaddy is “making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques.”
reply to post by Komodo
Well, if that is legitimate and there isn't a whole lot more than he's choosing to tell anyone about? He has a clear cut and very obvious civil suit to file here, IMO, and it should bring him considerably more than $50,000 by the end of things. Maybe add a zero to that, if pushed out to a Jury verdict.
I hope he intends to pursue it beyond rants on the Internet. Nothing stops unless people take the time to MAKE it stop...and lawsuits are, sadly, the most effective means when those involved figure they can just walk away from a serious wrong that hasn't been made right.
"Evolving hacker techniques?" This tactic has been used for a while. Kevin Mitnick
Same thing happened with my PHONE NUMBER because it is (was) in the format (###) X00-000!!!
I had paid an associate at a major telecom company 10 years ago 5 figures for it, for my landscaping business. One day, it was ported out and being used for a VIP limo-with-live-escorts XXX service!