Naoki Hiroshima was lucky enough to snag a one-character Twitter username: @N. Over the years, he'd been offered large sums — as much as $50,000 — for the name, but he kept it. Then, according to a horrifying first-person account, a hacker socially engineered the last four digits of his credit-card out of Paypal, used that information to seize control of his Godaddy account, and threated to trash all of Hiroshima's websites unless Hiroshima transferred @N to the hacker. The hacker also seized control of Hiroshima's Facebook account. The attack took place over the Martin Luther King, Jr day holiday, and Hiroshima couldn't get his case escalated to anyone at Twitter, Godaddy or Paypal while it was taking place, and so he lost his domain. All three companies now say that they're looking into his story. Hiroshima offers some helpful advice on avoiding his fate (use two-factor authentication, mostly).
I later learned that the attacker had compromised my Facebook account in order to bargain with me. I was horrified to learn what had happened when friends began asking me about strange behavior on my Facebook account.
I received an email from my attacker at last. The attacker attempted to extort me with the following message.
SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 15:55:43 -0800
I've seen you spoke with an accomplice of mine, I would just like to inform you that you were correct, @N was the target. it appears extremely inactive, I would also like to inform you that your GoDaddy domains are in my possession, one fake purchase and they can be repossessed by godaddy and never seen again D:
I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact. Would you be willing to compromise? access to @N for about 5minutes while I swap the handle in exchange for your godaddy, and help securing your data?
How I Lost My $50,000 Twitter Username [Naoki Hiroshima/Medium]
(via Hacker News)