![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
This guy had the handle @H. As a single-letter Twitter handle, he had received offers of up to $50,000 to sell it, but he held on to it. A hacker got ahold of a person at Paypal, convinced them to give him the last four digits of the credit card number, then convinced GoDaddy that he was the legitimate registrar. The thief contacted the owner through email and Facebook and basically extorted him to give the thief the Twitter account in exchange for returning the many web sites on GoDaddy.
Reminiscent of what happened to Matt Honan last year. And there's an excellent comment on this article about someone who has fended off similar attacks, that person owns the Twitter and Instagram account @JB. Got hounded by people who wanted it for the Jonas Brothers and now the Beebster.
It's debatable how he could have prevented the attack. One would be to use a different email account for every service, so you'd have name.AMAZON@gmail.com, name.PAYPAL@gmail.com, name.GODADDY@... You get the idea. A friend of mine does this, at least in a limited fashion. Not easy to manage. And you could use a private domain for those email addresses, which would be slightly easier to manage, but then if your personal server gets compromised, all of those email addresses are now known.
One thing that I like about smartphones is the ability to easily monitor multiple email accounts, I read eight different email accounts on my iPhone and am adding #9 today. But I now have a single point of vulnerability if someone steals my phone and it isn't locked and it takes me time to get to a computer to remotely wipe my phone.
There are no easy defenses against determined criminals.
https://medium.com/p/24eb09e026dd
http://yro.slashdot.org/story/14/01/29/1527247/developer-loses-single-letter-twitter-handle-through-extortion
Reminiscent of what happened to Matt Honan last year. And there's an excellent comment on this article about someone who has fended off similar attacks, that person owns the Twitter and Instagram account @JB. Got hounded by people who wanted it for the Jonas Brothers and now the Beebster.
It's debatable how he could have prevented the attack. One would be to use a different email account for every service, so you'd have name.AMAZON@gmail.com, name.PAYPAL@gmail.com, name.GODADDY@... You get the idea. A friend of mine does this, at least in a limited fashion. Not easy to manage. And you could use a private domain for those email addresses, which would be slightly easier to manage, but then if your personal server gets compromised, all of those email addresses are now known.
One thing that I like about smartphones is the ability to easily monitor multiple email accounts, I read eight different email accounts on my iPhone and am adding #9 today. But I now have a single point of vulnerability if someone steals my phone and it isn't locked and it takes me time to get to a computer to remotely wipe my phone.
There are no easy defenses against determined criminals.
https://medium.com/p/24eb09e026dd
http://yro.slashdot.org/story/14/01/29/1527247/developer-loses-single-letter-twitter-handle-through-extortion
