PayPal denies providing account info over phone to hacker

30 Jan 2014

E-payments giant PayPal has denied it gave a user’s account information to a hacker over the phone after a man’s story of his hacking ordeal went viral.

In his account, blogger Naoki Hiroshima detailed how a hacker was able to simply ring up PayPal and, by pretending to be an employee, obtain the last four digits of Naoki’s credit card number.

The hacker was then able to go to web-hosting company GoDaddy and use the scant details he had acquired to gain access to Naoki’s information, after a GoDaddy phone support staff member let him guess the first two digits of the card as many times as he liked until he got them right.

The whole affair started because Naoki has a Twitter handle, @N, that is highly sought after by individuals and companies because of its simplicity. So much so that Naoki has said he was previously offered US$50,000 for the handle.

Worrying ease of access

He has since handed the handle over to the hacker in exchange for getting all his accounts and details back from numerous websites.

Speaking about the whole affair, Naoki said: “It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit-card number over the phone, or that GoDaddy accepted it as verification.”

PayPal has since issued a statement, denying any personal information was given to the hacker over the phone. It said: “We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer’s information by contacting PayPal. PayPal did not divulge any credit-card details related to this account. PayPal did not divulge any personal or financial information related to this account.”

The statement went on to say: “Our customer service agents are well trained to prevent social hacking attempts like the ones detailed in this blog post.”

Highly sought-after Twitter handles have become regular targets for hackers, who see them as a means of extorting money, information or the handle itself, with Mat Honan (@mac) being another famous example.


Colm Gorey was a senior journalist with Silicon Republic