Post by peteetongman on Mar 8, 2014 21:11:08 GMT -5
<not sure we're getting the whole story here. every time I call GoDaddy they won't talk to me without my 4-digit call-in PIN>
It’s the modern-day bureaucratic nightmare — Someone steals something that belongs to you, and the one party that could easily do something about it refuses to listen to you because its records show that the thief is the rightful owner. According to developer Naoki Hiroshima, someone lusted after his Twitter handle (@n) so badly that they went to great lengths, hijacking his personal website in a (sadly successful) extortion attempt.
Hiroshima writes about the ordeal in detail on Medium.com [via TheNextWeb] but here are the basics of the red-tape nightmare that lost him a Twitter handle worth several thousands of dollars.
In fact, writes Hiroshima, he’d received numerous potentially lucrative offers for his @n handle since he’d scored that Twitter account way back in the Twitter stone age of 2007. He claims to have had as much as $50,000 dangled in front of him for the rare, single-letter account.
In addition to the legitimate purchase attempts, he says that hackers are constantly attempting to breach this account or any of this others in an effort to get control of the Twitter handle.
Then on Jan. 20, he received an “Account Settings Change Confirmation,” notice from GoDaddy, the company through which he’d registered his personal domain name.
“If these modifications were made without your consent, please log in to your account and update your security settings,” reads the e-mail, “If you are unable to log in to your account or if unauthorized changes have been made to domain names associated with the account, please contact our customer support team for assistance: support@godaddy.com or (480) 505-8877.”
Hiroshima was not able to log in and so he called the number, as per the instructions.
“The representative asked me the last 6 digits of my credit card number as a method of verification,” he writes. “This didn’t work because the credit card information had already been changed by an attacker. In fact, all of my information had been changed. I had no way to prove I was the real owner of the domain name.”
All the rep could do was tell him to file a case report, complete with his government ID info, with GoDaddy in an attempt to prove that he was who he claimed to be. Of course, this didn’t really help because his info was no longer associated with the account.
Meanwhile, the hacker who’d hijacked his site was able to control Hiroshima’s e-mail account.
He smartly changed the e-mail address associated with his Twitter account, making sure the hacker did not have access to that much-desired public feed.
The hacker persisted in attempting to get the Twitter account e-mail changed over, but to no avail. And so the hacker began e-mailing Hiroshima, making their extortion attempt quite clear.
Read the e-mail from the hacker, who dubbed themselves “Social Media King”:
consumerist.com/2014/01/29/hacker-hijacks-website-in-extortion-attempt-godaddy-refuses-to-talk-to-actual-owner/
It’s the modern-day bureaucratic nightmare — Someone steals something that belongs to you, and the one party that could easily do something about it refuses to listen to you because its records show that the thief is the rightful owner. According to developer Naoki Hiroshima, someone lusted after his Twitter handle (@n) so badly that they went to great lengths, hijacking his personal website in a (sadly successful) extortion attempt.
Hiroshima writes about the ordeal in detail on Medium.com [via TheNextWeb] but here are the basics of the red-tape nightmare that lost him a Twitter handle worth several thousands of dollars.
In fact, writes Hiroshima, he’d received numerous potentially lucrative offers for his @n handle since he’d scored that Twitter account way back in the Twitter stone age of 2007. He claims to have had as much as $50,000 dangled in front of him for the rare, single-letter account.
In addition to the legitimate purchase attempts, he says that hackers are constantly attempting to breach this account or any of this others in an effort to get control of the Twitter handle.
Then on Jan. 20, he received an “Account Settings Change Confirmation,” notice from GoDaddy, the company through which he’d registered his personal domain name.
“If these modifications were made without your consent, please log in to your account and update your security settings,” reads the e-mail, “If you are unable to log in to your account or if unauthorized changes have been made to domain names associated with the account, please contact our customer support team for assistance: support@godaddy.com or (480) 505-8877.”
Hiroshima was not able to log in and so he called the number, as per the instructions.
“The representative asked me the last 6 digits of my credit card number as a method of verification,” he writes. “This didn’t work because the credit card information had already been changed by an attacker. In fact, all of my information had been changed. I had no way to prove I was the real owner of the domain name.”
All the rep could do was tell him to file a case report, complete with his government ID info, with GoDaddy in an attempt to prove that he was who he claimed to be. Of course, this didn’t really help because his info was no longer associated with the account.
Meanwhile, the hacker who’d hijacked his site was able to control Hiroshima’s e-mail account.
He smartly changed the e-mail address associated with his Twitter account, making sure the hacker did not have access to that much-desired public feed.
The hacker persisted in attempting to get the Twitter account e-mail changed over, but to no avail. And so the hacker began e-mailing Hiroshima, making their extortion attempt quite clear.
Read the e-mail from the hacker, who dubbed themselves “Social Media King”:
consumerist.com/2014/01/29/hacker-hijacks-website-in-extortion-attempt-godaddy-refuses-to-talk-to-actual-owner/