When you hand out your private information to big online companies, no matter how they use it themselves, you’re at least sure of one thing: that they won’t share that information with anyone. A major hack attack or the NSA might forcefully snatch away that info, but certainly not an imposter over a measly phone call.
But there is a difference between what one thinks and what actually happens.
According to the terrifying story of Naoki Hiroshima, a Palo Alto-based software developer, a PayPal customer service representative gave away four digits of his credit card over the phone to a hacker posing as one of the company’s employees.
Knowing four digits of Hiroshima’s credit card, the hacker then contacted GoDaddy’s helpline to reset the victim’s account password. Still short two of the six digits required to initiate the reset process, the attacker got lucky: GoDaddy’s representatives allowed him to GUESS the missing numbers.
But the hacker wasn’t after the victim’s websites. The whole thing was done just so that he could blackmail Hiroshima into giving up a rare and valuable Twitter handle, reportedly worth $50,000, that Hiroshima owned. Soon after, the hacker made contact with Hiroshima in order to make the trade, and once he got what he wanted, he also revealed how he pulled it off so that someone else wouldn’t do the same.
The hacker’s tactics after taking over Hiroshima’s digital assets are pretty run-of-the-mill. The shocking point here is how easy it was to trick GoDaddy’s and PayPal’s agents. Even more disturbing is the fact that obtaining confidential info from the pair didn’t require any technical hacking skills. What was exploited in this case was more of a loophole in the verification process, and it could be exploited again if adjustments to the system aren’t made.
To read the entire story in Hiroshima’s own words, come this way.