Twitter user claims user name worth $50k was stolen with help from PayPal and GoDaddy
A twitter user was recently extorted into giving up his twitter user name. It would be bad enough giving up your established twitter user name, but this one was worth $50,000. The user claims to have been offered $50,000 for the username in the past. The twitter user name was @N.
People apparently tried to steal the user name all the time, short twitter handles are coveted it seems. The twitter handle was stolen via extortion from the rightful owner thanks to information released by GoDaddy and PayPal. The twitter user says that he received a text from PayPal that someone tried to change his password and then an email from GoDaddy the same day.
He had ignored the PayPal text, but the GoDaddy message was a confirmation of an account change. He was unable to log into his GoDaddy account to change the information back because the last six digits of the credit card on file had already been changed leaving him no way to prove he was the real owner of the account.
Once the stage was set, the hacker contacted @N and told him it was the Twitter account that he wanted. The deal was that the hacker would leave the website data on the GoDaddy servers alone if @N would allow the hacker to take over the twitter account. Oddly, the hacker offered to help the target secure his accounts after the fact.
The hacker say that he was able to get the last four digits of the credit card used for the GoDaddy account by using "very simple engineering tactics" on PayPal to get the last four digits of the card. He then called GoDaddy and told them he lost the card, but remembered the last four digits. The hacker says that GoDaddy allowed him to guess until he got the first two digits of the card correct. Whether or not @N will ever get his coveted twitter name back remains to be seen, but seems unlikely.
SOURCE: Medium.com