GoDaddy and PayPal issued statements today following a dramatic account information and Twitter handle heist occurred this week. N Methods CEO Naoki Hiroshima was the target of the attack and lost his much-coveted @N Twitter handle in the process. GoDaddy admitted that one of its customer service representatives was a victim of social engineering and admitted responsibility.
Hiroshima's Twitter handle, @N, is one of the most iconic and desired handles in the world. Hiroshima stated that in the past, someone offered him $50,000 for his Twitter handle. After an impressive feat of hacking, an unidentified hacker pretended to be Hiroshima and bypassed the security procedures of GoDaddy and PayPal to access Hiroshima's email address. From there, the hacker reset Hiroshima's accounts and proceeded to threaten Hirioshima.
"I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact," the hacker reportedly wrote to Hiroshima. "Would you be willing to compromise? access to @N for about 5 minutes while I swap the handle in exchange for your godaddy, and help securing your data?"
Hiroshima took the bait and the hacker finally took over the @N Twitter handle. Hiroshima changed his Twitter to @N-is_Stolen and began to fight back. HIroshima demanded answers from PayPal and GoDaddy. He also went after Twitter for allowing the heist to happen in the first place.
The hacker claimed that he got the last four digits of Hiroshima's credit card account from PayPal and then called GoDaddy to get the rest.He used social engineering techniques to trick the representative into letting him guess the other two numbers required to access and reset Hiroshima's GoDaddy account. PayPal responded quickly to claims that its security procedures were at fault for the attack.
"We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer's information by contacting PayPal," the company wrote in a statement on its website. "Our customer service agents are well trained to prevent social hacking attempts like the ones detailed in this blog post. We are personally reaching out to the customer to see if we can assist him in any way."
GoDaddy followed suit, but was forced to make a more uncomfortable admission: one of its representatives fell victim to social engineering and allowed the hacker to take over Hiroshima's account.
"Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy," the company wrote in a statement obtained by Tech Crunch. "The hacker then socially engineered an employee to provide the remaining information needed to access the customer account."
"The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers," the company added. "We are making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques."
In the meantime, Hiroshima continues to work tirelessly to regain his famous Twitter handle.