Rare $50000 Twitter username stolen


One-character Twitter names are rare @N

The owner of the Twitter username @N claims it has been stolen from him by a hacker.

Naoki Hiroshima, a software developer from California, has had the Twitter handle @N since 2007.

In a blog post he said he had previously been offered $50,000 to sell it and people had tried to “steal” it before.

This time, he said, someone took control of other online accounts he had until he agreed to give it up.

Mr Hiroshima said his Twitter name was considered rare as it only contains one character.

He explained said that a hacker gained access to his GoDaddy account – a domain name registration service – and had changed the account settings to gain access to his personal email.

In a subsequent email exchange, the hacker told Mr Hiroshima that he had managed to access his GoDaddy account by learning the last 4 digits of his credit card number.

He claimed to have done this by contacting PayPal, where Mr Hiroshima has an account, and posing as an employee. Then he said he used “some very simple engineering tactics to obtain the last four [digits] of your card”.

Social engineering

In a statement PayPal denied that it had given out Mr Hiroshima’s details.

“We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer’s information by contacting PayPal.

“PayPal did not divulge any credit card details related to this account.”

GoDaddy said in a statement to news website TechCrunch that one of its employees had been “socially engineered” to provide the hacker with the information needed to access Mr Hiroshima’s account.

Social engineering is a method of tricking someone in to doing something they should not – in this case divulging confidential information.

In its statement GoDaddy said: “Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy.

“The hacker then socially engineered an employee to provide the remaining information needed to access the customer account. ”

Irreversible disaster

Mr Hiroshima eventually gave up the @N Twitter handle after the hacker intimated that he would compromise data and websites owned by Mr Hiroshima.

“I remembered what had happened to @mat [Mat Honan’s digital presence was erased in an hour after attacks by hackers] and concluded that giving up the account right away would be the only way to avoid an irreversible disaster,” he wrote.

“I changed my username @N to @N_is_stolen for the first time since I registered it in early 2007.”

The hacker took control of the @N username and Mr Hiroshima had his access to his GoDaddy account returned.

“With my GoDaddy account restored, I was able to regain access to my email as well. I changed the email address I use at several web services.”

Mr Hiroshima said his advice to stop this happening to others is to not let companies store your credit card information and for companies to stop using it as a method of verification.

In response to why Twitter had not restored Mr Hiroshima’s access to the @N account a spokesperson said:

“While we don’t comment on individual accounts, we are investigating the report.”

In the latest development Mr Hiroshima tweeted from his new Twitter account that it seemed the hacker had deleted his old account.

“It seems the guy who stole @N from me just deleted the account. It’s available but unavailable to take.”

 Mr Hiroshima blog post 




Tags: ,
%d bloggers like this: