Yesterday Naoki Hiroshima, an Echofon developer, posted an article about how he lost his extremely short Twitter handle @N in an extortion scheme. Hackers compromised his GoDaddy account with social engineering (calling and lying to an account rep), gaining access to his email on a personal domain.
They said that they gained access via a similar call to PayPal, which the hacker claimed gave them the last four digits of Hiroshima’s credit card. They then used that CC info to convince GoDaddy that they were the owner of the domain, and reset his login information.
They used that data to leverage Hiroshima into giving them — under duress — his low-character-count Twitter user name @N. This, it turns out, was the point of the entire affair from the beginning.
PayPal has since investigated and claims that it never gave out Hiroshima’s credit card number or any other personal information —…