In a post on Medium, Naoki Hiroshima explains how his account was hacked, how he got no help from Go Daddy, and, the topper, THE HACKER told him how he compromised his account.
This was one wild story to read. Naoki Hiroshima says he has turned down $50,000 for the Twitter handle @N, which he registered in 2007. His Go Daddy account was hacked, and then the hacker offered a deal: his Go Daddy account for @N.
From the article:
I had a rare Twitter username, @N. Yep, just one letter. I’ve been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox. As of today, I no longer control @N. I was extorted into giving it up.
While eating lunch on January 20, 2014, I received a text message from PayPal for one-time validation code. Somebody was trying to steal my PayPal account. I ignored it and continued eating.
Also from the article:
PayPal and GoDaddy Facilitated The Attack
I asked the attacker how my GoDaddy account was compromised and received this response:
From: <firstname.lastname@example.org> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello
– I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)
– I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)
Go Daddy and PayPal have some serious explaining to do if everything laid out here is true. PayPal should never be telling the card owner the last four digits of their own credit card.
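The weak point in the second step of that email is that the agent accepted a whole range of answers to one verification question. As an added example (not code from the article, Go Daddy or PayPal), here is a minimal support-desk check that counts failed card-digit answers per account and locks after a fixed number; the class name, the six-digit challenge, the account id and the two-failure limit are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

MAX_FAILURES = 2  # assumed policy: failed answers allowed per account before lockout


@dataclass
class PhoneVerifier:
    """Tracks card-digit challenges per account across all calls and agents."""
    on_file: dict                      # account id -> digits the agent asks for
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def check(self, account: str, answer: str) -> str:
        if account in self.locked:
            return "locked"            # agent must escalate; no further guesses
        expected = self.on_file[account]
        # Constant-time comparison of the single answer given in this attempt.
        if hmac.compare_digest(answer.encode(), expected.encode()):
            self.failures.pop(account, None)
            return "verified"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILURES:
            self.locked.add(account)   # unlock only via an out-of-band channel
            return "locked"
        return "failed"


def guesses_accepted(verifier: PhoneVerifier, account: str, guesses) -> list:
    """Replay a caller's sequence of answers and record each outcome."""
    return [verifier.check(account, g) for g in guesses]


if __name__ == "__main__":
    # Constructed sample data: a six-digit challenge where the caller already
    # knows the final four digits and tries 00-09 for the rest.
    v = PhoneVerifier(on_file={"acct-1": "071234"})
    caller = [f"{n:02d}1234" for n in range(10)]
    print(guesses_accepted(v, "acct-1", caller))
    # The real owner calling afterwards is also held until out-of-band proof.
    print(v.check("acct-1", "071234"))
```

Because the counter is keyed on the account rather than on the call or the agent, hanging up and calling back does not reset it.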
Read the full story here