January 30, 2014 02:58 am GMT

Why Hasn’t Twitter Just Given @N His Name Back?

Yesterday Naoki Hiroshima, an Echofon developer, posted an article about how he lost his extremely short Twitter handle @N in an extortion scheme. Hackers compromised his GoDaddy account with social engineering (calling and lying to an account rep), gaining access to his email on a personal domain. They said that they gained access via a similar call to PayPal, who the hacker claimed gave them the last 4 digits of Hiroshima’s credit card. They then used that CC info to convince GoDaddy that they were the owner of the domain, and reset his login information.

They used that data to leverage Hiroshima into giving them — under duress — his low-character-count Twitter user name @N. This, it turns out, was the point of the entire affair from the beginning.

PayPal has since investigated and claims that it never gave out Hiroshima’s credit card number or any other personal information — though it does acknowledge there was an attempt to get the info. So, that leaves a question about whether the hacker was lying about where it got Hiroshima’s card numbers — but it doesn’t change the fact that the hack happened.

And it leaves an even bigger question. The hack is pretty well documented and it appears evident that the end result was fairly straightforward extortion. So why hasn’t Twitter simply given Hiroshima his @N username back? Twitter, for its part, will only tell us that it is still investigating the matter.

We spoke to Hiroshima about the ordeal, and exactly how it went down. He notes that it’s highly improbable for the hacker to have gained access to his account without credit card numbers somehow, and that they claim it was via PayPal. He also says that he feels he did everything normally expected to prevent this kind of thing, but that the methods used by the hackers side-stepped any additional efforts he might have taken like two-factor authentication.

“[Two factor authentication] can’t prevent this from happening again,” says Hiroshima. “GoDaddy allowed the guy to reset everything over the phone. As long as a company only uses the last 4 digits of a [credit card] to verify [identity], this will keep happening. They should ask multiple questions.”

GoDaddy has said that it is investigating but has not responded to a request for further comment.

The vector for the attack, in the end, was the weakest link in many security

Original Link: http://feedproxy.google.com/~r/Techcrunch/~3/rKfYYY8JIRU/


Techcrunch
