Naoki Hiroshima recently went through a horrifying experience of losing his Twitter handle, @N. Through social engineering, a hacker was able to access Hiroshima’s GoDaddy account, email, and Facebook profile, and then used them to exhort Hiroshima for access to the Twitter username. The whole story is chilling, and many of us are far more susceptible to this sort of event than we think. Hiroshima:
I tried to log in to my GoDaddy account, but it didn’t work. I called GoDaddy and explained the situation. The representative asked me the last 6 digits of my credit card number as a method of verification. This didn’t work because the credit card information had already been changed by an attacker. In fact, all of my information had been changed. I had no way to prove I was the real owner of the domain name.
Responding to Hiroshima’s plight, Josh Bryant posted his own story, regarding his Twitter handle @jb. However, what I found most interesting about both these stories was how open the hackers in each situation was about how they went about hacking the accounts. Bryant, regarding the responses from his hacker:
He explained that he first started by doing a little research and learning every piece of information he could find on me through public records. My Twitter profile linked to my website, my website had WHOIS information. I use a very very old address on all my public WHOIS records, but it happens to be the address of my parents, and since I’ve shipped gifts to my parents through Amazon, they had that address on file.
Privacy we have taken from us is one issue, but an equal problem is the privacy we give away for free, which, once released, can never be truly restored.
—Wednesday, 29 January 2014