A programmer in Palo Alto, California, claims to have been extorted out of a rare, single-letter Twitter handle – after an unknown assailant gained access to his accounts on other online services and held them hostage. In a blog post detailing the incident, Naoki Hiroshima said he had owned the @N Twitter account since 2007, but …
Man, that sucks. Not only for the victim of the extortion, for losing such a username that he obviously liked, but for everyone, because with such ruses being widely employed, it's going to make it more difficult for legitimate people to recover accounts from online services. It's already damned difficult enough for most folks to follow through the steps. There's always something they don't have or don't get.
His life was basically in that creep's hands. It's a good thing the thief wasn't unnecessarily cruel.
Has anyone actually thought that 'Naoki Hiroshima' may not be who he says he is?
Is he trying to steal the @N?
Now that would be good social engineering.
@N has an efficiency to it
If you only have 140 characters.
Sorry to hear the poor chap's plight at the hands of extortion though, and even sorrier that someone wanted a (clearly not anonymous) twitter username enough to resort to it.
Re: @N has an efficiency to it
but how many people include their own user name in the 140 characters they type?
Re: @N has an efficiency to it
Oh, someone has something that I haven't got. I have to do anything to get hold of it. Doesn't matter how it seems to everyone.
As a species, humanity hasn't really progressed much, at all.
Speak for yourself please :-)
Don't believe the hype
I had a look through all the one-letter twitter users yesterday. Not one looks like its been taken over by spammers, and many look idle, with single-digit numbers of posts and few followings. If @N is worth $50k, surely @I [https://twitter.com/i/] is worth even more, yet whoever has it is just doing nothing. Either they are waiting for a better offer, or @N is special, or the $50k offers are scams, or twitter usernames aren't worth $50k.
I do have a four-digit slashdot ID I'd let you have for £10k though.
One bit I don't get is how GoDaddy support can't recover an account where the personal data has been changed.
Surely that's the first thing any hacker is going to do. When I phone up and say my first pet's name was Spot and they say no it ain't - they can see that the answer was only changed yesterday and has been Spot for the last ten years? Otherwise what the fuck is the point of any of these security questions?
Obviously it makes it harder, as you don't know if the answer was changed because the real user had been hacked and got to the account first. So you'd have to suspend the account and try to work out which of the two people was genuine.
Err, so rather than accept and give up such a name, why did he not just call up GoDaddy, prove who he is on the phone and reset the password and regain control of his domains. Presumably the rather simple solution to the problem.
I simply can not believe GoDaddy can't restore an account, they must keep logs of changed data!
He _did_ contact GoDaddy first, but they declined to help him.
I think before your RTFA, you should note i said I don't believe that they can not access logs of this changed data and that it is their company policy not to look into the issue. I feel he should have barked up that tree a little more before giving up his username.
How would he prove to GoDaddy who he was?
All GoDaddy know about him is what it said on his account, and the hacker had already changed all that.
This would only work if...
The world knows his PayPal ID. Does he advertise it on his web site for random donations or something? If he doesn't then chances are that he's had dealings with the thief and therefore he would be easier to find.
Besides that, since it's known that people make their PayPal ID known to world+dog, surely the weak point is in PayPal for using just that one (public) item to give the last 4 digits of the card without saying "go log in and find out yourself, dimwit".
My life would be so much more secure if I didn't have to keep giving companies security information. *sigh*.
Am I missing something, or is this an old story? He starting tweeting from N_is_Stolen back in July 2011, maybe even further back than that but my browser stopped there and I got bored of scrolling.
Re: How old?
"Am I missing something, or is this an old story? He starting tweeting from N_is_Stolen back in July 2011, maybe even further back than that but my browser stopped there and I got bored of scrolling."
This is just a guess, but perhaps he had more than one account; @N and @something_else, and only ever posted from the latter. Then, when the @N account was extorted from him as described in this article, he renamed @something_else to @N_is_stolen - when that happens, all the previous tweets on that account would show as being from @N_is_stolen.
Re: How old?
Makes sense.. Didn't realise you could rename Twit accounts
Re: How old?
From his blog post (linked in article) he says he renamed @N to @N_is_stolen, releasing @N to be taken by someone else. Assuming the whole thing is genuine.
Doesn't make a lot of sense though. Surely the main reason for wanting the account was for access to all the followers (for some nefarious purpose?) who would still be on the renamed account. Or to sell, but it'll always be questionable whether it'll be returned.
"We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer's information by contacting PayPal. PayPal did not divulge any credit card details related to this account. PayPal did not divulge any personal or financial information related to this account."
Reminds me of what Barclaycard claimed in my case a few years back. Based on their actions and comments, though, I didn't believe them.
(Call to check the validity of two transactions, one for £3, one for over £3K. I didn't recognise either, but while the person I spoke to expected that for the £3, they were surprised about the £3K one. It then emerged 'I' had called them to approve that transaction... which later turned out to be several calls, including one to set up online access - even though I already had online access. My access was blocked while this was resolved. They then denied that the caller had defeated their security to approve that transaction, and hadn't been able to set up new online access.)
Danger Will Robinson! Danger!
If they can do it to GoDaddy, they can do it elsewhere as well.
deeply regrets any inconvenience this may have caused (but don't expect any compensation).
Because paying the ransom always solves the problem and makes the extortionists go away.
- Comment Renewable energy 'simply WON'T WORK': Top Google engineers
- Game Theory Dragon Age Inquisition: Our chief weapons are...
- 'How a censorious and moralistic blogger ruined my evening'
- Leaked screenshots show next Windows kernel to be a perfect 10
- Amazon warming up 'cheapo web video' cannon to SINK Netflix