Awesome incident experienced by users with a rare value Twitter account
"@ NNaoki Hiroshima, an engineer who had a rare Twitter account with a single alphabet character. When he had "@ N" he seems to have received an offer to buy an account for $ 50,000 (about 5.1 million yen), but thisThe account has been forced to give up after being attacked by a third partyThat's right.
An attacker who took over Hiroshima's account called the PayPal first to take over the account and got the last 4 digits of Hiroshima's credit card number. Then I called the domain management company GoDaddy and say "I lost my card but I remember the last 4 digits" and succeed in hijacking the account of GoDaddy. As Hiroshima operated e-mails and websites in its own domain, attackers were able to control these and Hiroshima handed over @ N to regain their control.
Like Josh Hiroshima, Josh Bryant, "I was about to be robbed of account!", Describes the circumstances when I was about to be robbed of my account on my own blog. Also, it seems that "much much bad" happened in some respects than the case of Hiroshima, the author of blog.
How I Almost Lost My $ 500,000 Twitter Username - Hackticool
The account name Josh uses for Twitter and Instagram is "@ Jb"something like. This account name is a simple thing from my initials, but it is a famous artistJustin BieberAlso, Josh wrote that companies and hackers tend to acquire even with dirty hands, considering their marketing effect.
Like Hiroshima who was robbed of "@ N", Josh also frequently received an offer saying "I want to buy @ jb at a high price" and somehow managed to take over accounts There are also many, and it seems that the password reset guide mail of Twitter account has arrived every day in the mailbox.
In May 2013, Josh received a password reset invitation email from Amazon. Most of the password reset instructions received so far were from Twitter and Instagram, which was the first time from Amazon, but Josh decided to ignore it as well as other mails .
ByJim 212 jim
However, approximately 30 minutes after the mail arrived, Amazon received a message saying "Password has been successfully changed!" And three more passwords reset mail arrive from Apple in 30 minutes. It seems that Josh has noticed that he is an object of some sort of attack.
At this time, fortunately Josh was still able to access his mail account, so I immediately requested to reset my Amazon account password. After changing the password, Josh called up Amazon and learned that the third party got Josh's account information on the phone by telephone. He asked me to instantly lock my account, "I want you to make a note of the contents of the phone if there is a request to change account information change" on the phone in the future .
ByJo Christian Oterhals
When Josh then called iCloud's support center, it turned out that there were four inquiries about the account four times within an hour, just like at the time of Amazon. An attacker who tried to take over his Amazon account seemed to try to get information of Josh by directly calling Apple support like Amazon. Again, if there is a person asking for account information in the future, tell him that I want you to make a note of the contents and tell him that I do not want any permission from the phone.
While doing these phones, Josh will receive an email with instructions on how to change the password from iCloud support. It seems that this was obviously sent manually by a person from the support center of Apple who talked on the phone. This mail contains Josh 's iCloud address on the destination (TO) as unknown Gmail address, CC as Jun' s Gmail address is the address of the person trying to gain unauthorized access to Josh 's Amazon account or iCloud account I noticed it.
Josh who got the attacker's Gmail address sent an e-mail to this address even though it thought that there was no reply, after a few minutes, explain what he did without hiding from the attacker I received a reply.
ByDaniel R. Blume
According to an attacker, he first studied what is related to Josh from information published on the Internet and various places, found a link to the website he operated by Josh's Twitter profile,WHOISWe got the information of. Josh registered the address where parents live in the WHOIS information and the attacker succeeded in locating Josh's Amazon account because he had sent gifts to parents using Amazon.
Using this, an attacker called Amazon and asked "I forgot my password, but now I can not access the email address I registered," to reset the password at the customer center, and also needed to access the account It was said that the information was taught through the telephone. The attacker then got information such as the last 4 digits of Josh's credit card number, the current address and the previous address, and he was planning to obtain information from Josh's iCloud account in the same way is.
Fortunately, while the attacker was doing these, Josh was online and could lock them before accessing Amazon or Apple accounts. Attackers knew that customer centers like shopping sites like Amazon would release information relatively easily, and it is believed that they started attacking from Amazon accounts. By the way, although Amazon is hosting data of many startup companies, Josh is also one of co-founder of such a startup company and saves all the data concerning the service "Droplr" that they created to Amazon EC 2 was doing. This time it was good because the attacker's purpose was Josh 's "@ jb" Twitter account, but when I noticed that all the Droplr data was accessed, I was terrible.
From this experience Josh seems to have realized that when using AWS etc., it is necessary to prepare another account completely separated from the shopping Amazon account. It also states that it is important to use personal WHOIS services that you can manage by yourself. As you can see from Hiroshima's case, if you use the e-mail address using your own domain as the login e-mail address of any net service, there is a fear that information can be drawn out in a sweet formula.
However, as a problem common to e-mail services such as Gmail and iCloud that must process many password reset requests everyday, "If you can verify your identity on the phone, you need to disclose the information so that you can access your account There is a thing called "there is something", and if a person who falsely identifies on the telephone appears, probably the information for accessing the mail account will be leaked out.
And Josh realized that the security level is equivalent to the personnel of the telephone support center working with the minimum wage with the ability to reset the user's account even for a large global company , And that.
Regardless of how self-guarded it is, it is inevitable that information leaks from customer service of the service you use. Those who do not need to watch this level worry, but those who are using important accounts that are troubled by being compromised will grasp where the weak point is and then send you an unexpected password reset guide It seems better to take care of it.