PayPal says it did not divulge credit card information from a customer who contends PayPal exploited in a scheme to force him to give up his Twitter handle, "@N."
Naoki Hiroshima, a technology developer and blogger who owned a rare single-letter Twitter handle, says the extortionist gained leverage by compromising his GoDaddy Web hosting account using payment credentials obtained through PayPal.
Reporting his ordeal at Medium.com, Hiroshima says he's been offered as much as $50,000 for the Twitter handle. The person behind the extortion claimed to have used social engineering methods to trick PayPal into divulging part of Hiroshima's card account number, Hiroshima says. With this information, the attacker posed as Hiroshima when contacting GoDaddy to take over his account there.
PayPal says its records contradict this version of events.
"We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer's information by contacting PayPal," the eBay unit says in a blog post, adding "PayPal did not divulge any credit card details related to this account," and "this individual's PayPal account was not compromised." The blog post did not list an author, and PayPal would not comment further.
GoDaddy's review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy, said Todd Redfoot, chief information security officer at GoDaddy, in an email to PaymentsSource. "The customer then socially engineered an employee to provide the remaining information needed to access the customer account. The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers. We are making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers."
Hiroshima did not return a request for comment by deadline.