Two days ago, Ars ran a syndicated story by software developer Naoki Hiroshima on how his potentially valuable Twitter handle was stolen (the story originally appeared on Medium). Hiroshima described a painful ordeal wherein an attacker extracted credit card information from his PayPal account, used that information to reset the login credentials for Hiroshima’s GoDaddy account, and then modified the domain’s MX records (the set of DNS entries that tell everyone else on the Internet where to send that domain’s e-mail) away from Hiroshima’s servers to their own.
The attacker also appeared to have modified a number of other details of Hiroshima’s GoDaddy account, making it impossible for Hiroshima to gain access.
The attacker then attempted to reset the password to Hiroshima’s Twitter account, “@N,” but was unsuccessful.
Unable to gain access to the @N account, the attacker then e-mailed Hiroshima and threatened to take action against Hiroshima’s website’s domains unless he changed his Twitter handle to something else, allowing the attacker to assume the “@N” handle—which he would then presumably sell.
Hiroshima attempted to regain access to his GoDaddy account, but GoDaddy wouldn’t restore his access, because Hiroshima no longer appeared to be the legitimate owner of the account.
Even involving a GoDaddy executive didn’t appear to fix things.
A day later, after further threats from the attacker, Hiroshima surrendered the @N handle, and the attacker promptly sent Hiroshima his GoDaddy login credentials. It was a successful hostage exchange, as such things go, but Hiroshima found himself victimized with no apparent recourse other than acceding to the attacker’s demands.