Naoki Hiroshima is the creator and a developer who was lucky enough to own an extremely rare one-letter Twitter handle: @n. Originally posted on his own blog, his account of how hackers managed to access and capture the Twitter username (which was worth around $50,000) has just been published by The Next Web, and it makes for an incredibly scary read.
The story exposes major flaws in the customer service structure of big companies we all know and trust; in his case it was GoDaddy and PayPal who handed over information and accepted easily obtained information as verification. The last four digits of Naoki’s credit card, which as you know can be seen on all purchase receipts and suchlike, were allowed to be used as verification to gain access to his accounts over the phone.
Unfortunately, this is not an isolated case. Only last year Mat Honan, a writer for tech magazine Wired and owner of the Twitter handle @mat, watched his phone screen flash blank; his MacBook, email and iPad were all wiped of information, and his Twitter account was filled with racist and homophobic posts against his will. This time the big companies to blame were Apple and Amazon, who once again allowed entry into his accounts through the visible last four digits of his credit card. You can read his account here, and you’ll be happy to know he managed to reclaim his handle.
“…ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file.”
With more and more sites urging us to daisy-chain our online identity through simplified registration, and given our reluctance and impatience to navigate a more extensive and guarded customer service route, I still find it hard to blame any of us for these unfortunate opportunities. It’s less likely to happen to you than to these Twitter veterans, but the companies featured are some of the biggest names in the digital world, and the majority of you reading this will have an account with at least one of them, if not all. Hopefully Naoki will be able to change his Twitter handle back from @n_is_stolen to his rightful and deserved handle, and at the very least will have a strong lawsuit against these idiot tech giants.
Who wants to bet no security protocols are gonna change?