GoDaddy logo
GoDaddy has admitted thatthe hacker who extorted the Twitter account @N from Naoki Hiroshima obtained his credit card details from them GoDaddy.com

GoDaddy has admitted that the hacker who extorted app developer Naoki Hiroshima for his Twitter account by holding his GoDaddy account to ransom, managed to get the details from a GoDaddy employee on the phone.

"Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy. The hacker then socially engineered an employee to provide the remaining information needed to access the customer account," GoDaddy's CISO Todd Redfoot told IBTimes UK.

"We are making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques."

Financial details

PayPal told IBTimes UK it did not release any credit card details, and it has since posted a blog confirming that no personal or financial details were released, and that Hiroshima's account was not compromised.

"We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer's information by contacting PayPal," the blog says.

Hiroshima, a California-based developer acquired a unique Twitter username @N in 2007. Because it is so unique, numerous hackers have previously tried and failed to steal his Twitter account from him. Hiroshima also claims he was once offered $50,000 (£30,167) to buy the account outright, but he declined.

Nightmare

Hiroshima experienced a modern nightmare on 20 January as the hacker claimed that he had contacted PayPal on the phone and managed to convince a PayPal customer service representative to hand over the last four digits of Hiroshima's credit card.

While the hacker seems to have accidentially named the wrong company, the rest is true.

Once in possession of the credit card details, the hacker convinced GoDaddy to hand over control to Hiroshima's GoDaddy account, which hosted several website domains, including the domain that controlled his email address, which was linked to the Twitter account.

Changed tactics

Since Hiroshima changed the email address for his Twitter account just before the hacker got to it, the hacker changed tactics and emailed him directly to extort the Twitter account from him, threatening to compromise the websites in his GoDaddy account if he didn't hand over the Twitter username.

The hacker has since deleted all of Hiroshima's tweets from the @N Twitter account. The account has 80 followers and the profile summary reads ". Follow Badal_NEWS". There is a @BADAL_NEWS Twitter account but it is protected with 431 followers and 4,904 tweets.

Hiroshima has moved to a new Twitter handle @N_is_stolen, where he has 34,200 followers.

Twitter seems to have moved all his original tweets across to his new account, as he started tweeting on his new account on 21 January, but he has over 15,000 tweets listed, the bulk of which date back to 2012.