It is one thing to have your email account taken over and all of your friends are spammed. It is something entirely different when a hacker decides they want to take your entire online life and hold it hostage.
This is a story about someone named Naoki Hiroshima. He had a prime Twitter handle, @N, until hackers decided to hijack it.
They told him if he tried to get it back they would destroy his other online accounts. How did they do this and what can you do to avoid being a victim?
Cyber expert Theresa Payton shares her advice:
1. the hacker got into his "godaddy" account first
2. the hacker forwarded Naoki's emails to himself
3. He then contacted Naoki and told him to hand over the twitter account or he would hold his emails and website hostage.
Naoki asked the hacker how he/she got in.
The hacker leveraged some vulnerabilities in PayPal's and GoDaddy's password-recovery systems
1. The hacker spoofed Naoki and got the last four digits of Hiroshima's credit card number from PayPal
2. With that in hand the hacker used the 4 digits to request a password reset to the GoDaddy account.
Theresa asks, do you know you can call PayPal and ask them to add a note to your account stating that they shouldn't release any credit card details by phone? Also, she says use two-factor authentication wherever possible. It might stop or slow down an attacker.
To learn more about the Word of the Week, Poppy3D, click here.