On Wednesday, we learned that a hacker managed to hijack the coveted @N Twitter username after extorting its owner into handing it over. The former owner of the account, Naoki Hiroshima, has blamed PayPal and GoDaddy for the incident.
He claims the hacker gained access to his GoDaddy account after social engineering an employee with the aid of information handed over to him by PayPal staff. More precisely, the attacker requested and obtained partial credit card data.
Both GoDaddy and PayPal have issued statements regarding the incident. GoDaddy admits that one of its employees had been tricked into providing the hacker the information needed to access Hiroshima’s account.
However, the hosting giant says the cybercriminal already possessed a large portion of the customer information needed to access the account when he contacted the company.
“The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers,” stated GoDaddy Chief Information Security Officer Todd Redfoot.
“We are making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques.”
While GoDaddy has accepted partial responsibility for the account takeover, PayPal hasn’t.
The payment processor says that it has launched an investigation after Hiroshima published his post. PayPal admits that there have been failed attempts to obtain a customer’s information.
However, according to their statement, “PayPal did not divulge any credit card details related to this account. PayPal did not divulge any personal or financial information related to this account. This individual’s PayPal account was not compromised.”
The company says that its employees are well trained when it comes to handling social engineering attempts. PayPal says that it’s trying to reach out to Hiroshima to assist him.