How I lost my $50,000 Twitter username

http://arstechnica.com/security/2014/01/how-i-lost-my-50000-twitter-username/

hqsec

 

If Paypal is doing crap like that, no one has any business using them.

 

Of course PayPal denies the accusations. I had a bad experience with them a few years ago and refuse to ever do business with them again.

An interesting article that shows that you can get robbed by no action of your own.

 

Another Credit-Card-as-Authentication Hack

Another Credit-Card-as-Authentication Hack by Bruce Schneier

-- Tom

 

http://arstechnica.com/security/2014/01/picking-up-the-pieces-after-the-n-twitter-account-theft/

 

Same here.

 

Another similar story:

http://arstechnica.com/security/201...my-500000-twitter-username-jb-and-my-startup/

hqsec

 

This.
Don't use the same identity for every single service online; compartmentalize.
With 'fake' identities you only have all the details from, social-engineering becomes a no-go.
And lock/disable accounts for 'reset-password-by-phone'.

 

Thank you for posting these articles. This is extremely interesting and enlightening reading. It has made me look at the security of my own domains and accounts.

I have to admit, if I had been offered $50,000 dollars for the letter N on Twitter, I would have tried to get $100,000 for it--maybe auction it on eBay or somewhere else. Then I could have relieved myself of the security problem and could laugh to myself for the rest of my life about the huge amount of money I got for a letter of the alphabet.

 

That is the best option IMO, but I'm not sure if it's possible.

 

Wonder how long before another thief steals the account?

 

Same here. I've also checked my accounts and have made some changes. Nothing can protect you against social engineering on provider's side. Most accounts that I use, doesn't have an option to prevent password reset by phone. So there really isn't much one can do. Just not to put all eggs in one basket.

hqsec

 

http://arstechnica.com/security/201...up/?comments=1&post=26147901#comment-26147901

 

With all this noise did he got it back, not clear to me...

 

Thank you for sharing your story. I will be making changes to my paypal account immediately. Do you think you may have a case for litigation? I would really look into this. If you can prove that they violated their own terms of service then you definitely have a lawsuit, and you may have one even if they did not. It's definitely worth looking into. Companies almost never change until they are forced to be accountable for their negligence through litigation.

 

The problem is which changes you can make to secure paypal?? There is no possibility to opt out of phone support. However you have the option to add a PIN that you will need to use when calling paypal. Will it help?

 

This is not my personal story. I only shared link to story that I've found. I do agree with you about possible lawsuit.

hqsec

 

Ok, thanks for clearing that up. I hope they do pursue litigation to protect us all from this type of poor business practice!

 

Screw paypal, people need to start using alternatives.

 

Twitter restored @N to it's owner:
http://arstechnica.com/security/2014/02/twitter-restores-50000-n-username-to-its-owner/

#that_ended_well

hqsec

 

Maybe this will be a lesson to hackers to not waste their time with trying to steal user's twitter handles.

 

Interesting.

 

If there were any. Usually you can pay by a card or by paypal and that is it and paypal is obviously safer.

 

Unfortunately in some places, there are none.