back to article Developer's rare $50,000 Twitter account @N stolen in web shakedown

A programmer in Palo Alto, California, claims to have been extorted out of a rare, single-letter Twitter handle – after an unknown assailant gained access to his accounts on other online services and held them hostage. In a blog post detailing the incident, Naoki Hiroshima said he had owned the @N Twitter account since 2007, …

COMMENTS

This topic is closed for new posts.
  1. Grogan Silver badge

    Man, that sucks. Not only for the victim of the extortion, for losing such a username that he obviously liked, but for everyone, because with such ruses being widely employed, it's going to make it more difficult for legitimate people to recover accounts from online services. It's already damned difficult enough for most folks to follow through the steps. There's always something they don't have or don't get.

    His life was basically in that creep's hands. It's a good thing the thief wasn't unnecessarily cruel.

    1. Anonymous Coward
      Anonymous Coward

      Has anyone actually thought that 'Naoki Hiroshima' may not be who he says he is?

      Is he trying to steal the @N?

      Now that would be good social engineering.

  2. Cliff

    @N has an efficiency to it

    If you only have 140 characters.

    Sorry to hear the poor chap's plight at the hands of extortion though, and even sorrier that someone wanted a (clearly not anonymous) twitter username enough to resort to it.

    1. Anonymous Coward
      Anonymous Coward

      Re: @N has an efficiency to it

      but how many people include their own user name in the 140 characters they type?

      1. solo

        Re: @N has an efficiency to it

        M :)

  3. Anonymous Coward
    Anonymous Coward

    Greed

    Oh, someone has something that I haven't got. I have to do anything to get hold of it. Doesn't matter how it seems to everyone.

    As a species, humanity hasn't really progressed much, at all.

  4. Anonymous Coward
    Anonymous Coward

    Greed..

    Speak for yourself please :-)

  5. baz rowlingson
    FAIL

    Don't believe the hype

    I had a look through all the one-letter twitter users yesterday. Not one looks like its been taken over by spammers, and many look idle, with single-digit numbers of posts and few followings. If @N is worth $50k, surely @I [https://twitter.com/i/] is worth even more, yet whoever has it is just doing nothing. Either they are waiting for a better offer, or @N is special, or the $50k offers are scams, or twitter usernames aren't worth $50k.

    I do have a four-digit slashdot ID I'd let you have for £10k though.

  6. This post has been deleted by its author

  7. I ain't Spartacus Gold badge

    One bit I don't get is how GoDaddy support can't recover an account where the personal data has been changed.

    Surely that's the first thing any hacker is going to do. When I phone up and say my first pet's name was Spot and they say no it ain't - they can see that the answer was only changed yesterday and has been Spot for the last ten years? Otherwise what the fuck is the point of any of these security questions?

    Obviously it makes it harder, as you don't know if the answer was changed because the real user had been hacked and got to the account first. So you'd have to suspend the account and try to work out which of the two people was genuine.

  8. bigtimehustler

    Err, so rather than accept and give up such a name, why did he not just call up GoDaddy, prove who he is on the phone and reset the password and regain control of his domains. Presumably the rather simple solution to the problem.

    I simply can not believe GoDaddy can't restore an account, they must keep logs of changed data!

    1. Michael Hutchinson

      RTFA

      He _did_ contact GoDaddy first, but they declined to help him.

      1. bigtimehustler

        Re: RTFA

        I think before your RTFA, you should note i said I don't believe that they can not access logs of this changed data and that it is their company policy not to look into the issue. I feel he should have barked up that tree a little more before giving up his username.

    2. Gav

      What proof?

      How would he prove to GoDaddy who he was?

      All GoDaddy know about him is what it said on his account, and the hacker had already changed all that.

  9. Billa Bong

    This would only work if...

    The world knows his PayPal ID. Does he advertise it on his web site for random donations or something? If he doesn't then chances are that he's had dealings with the thief and therefore he would be easier to find.

    Besides that, since it's known that people make their PayPal ID known to world+dog, surely the weak point is in PayPal for using just that one (public) item to give the last 4 digits of the card without saying "go log in and find out yourself, dimwit".

    My life would be so much more secure if I didn't have to keep giving companies security information. *sigh*.

  10. You have not yet created a handle
    WTF?

    How old?

    Am I missing something, or is this an old story? He starting tweeting from N_is_Stolen back in July 2011, maybe even further back than that but my browser stopped there and I got bored of scrolling.

    1. VinceH

      Re: How old?

      "Am I missing something, or is this an old story? He starting tweeting from N_is_Stolen back in July 2011, maybe even further back than that but my browser stopped there and I got bored of scrolling."

      This is just a guess, but perhaps he had more than one account; @N and @something_else, and only ever posted from the latter. Then, when the @N account was extorted from him as described in this article, he renamed @something_else to @N_is_stolen - when that happens, all the previous tweets on that account would show as being from @N_is_stolen.

      1. You have not yet created a handle
        Thumb Up

        Re: How old?

        Makes sense.. Didn't realise you could rename Twit accounts

      2. SteveK

        Re: How old?

        From his blog post (linked in article) he says he renamed @N to @N_is_stolen, releasing @N to be taken by someone else. Assuming the whole thing is genuine.

        Doesn't make a lot of sense though. Surely the main reason for wanting the account was for access to all the followers (for some nefarious purpose?) who would still be on the renamed account. Or to sell, but it'll always be questionable whether it'll be returned.

  11. VinceH

    "We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer's information by contacting PayPal. PayPal did not divulge any credit card details related to this account. PayPal did not divulge any personal or financial information related to this account."

    Reminds me of what Barclaycard claimed in my case a few years back. Based on their actions and comments, though, I didn't believe them.

    (Call to check the validity of two transactions, one for £3, one for over £3K. I didn't recognise either, but while the person I spoke to expected that for the £3, they were surprised about the £3K one. It then emerged 'I' had called them to approve that transaction... which later turned out to be several calls, including one to set up online access - even though I already had online access. My access was blocked while this was resolved. They then denied that the caller had defeated their security to approve that transaction, and hadn't been able to set up new online access.)

  12. AbeSapian

    Danger Will Robinson! Danger!

    If they can do it to GoDaddy, they can do it elsewhere as well.

  13. AbeSapian

    GoDaddy ...

    deeply regrets any inconvenience this may have caused (but don't expect any compensation).

  14. EJ
    Facepalm

    Fail

    Because paying the ransom always solves the problem and makes the extortionists go away.

This topic is closed for new posts.

Other stories you might like