An update in the @N account hacking case has just come through from GoDaddy, one of the companies involved in the somewhat convoluted social engineering case. The company admits that one of its employees was 'socially engineered' into giving out additional information which allowed a hacker to gain access to Naoki Hiroshima's GoDaddy account. The hack was performed by calling up PayPal and GoDaddy to gain access to Hiroshima's personal email, which was then used to extort the @N Twitter user handle from him.
Social engineering is a method of hacking in which attackers utilize personal or not-so-personal information to impersonate the rightful owner of an account. They call up the company in question and engineer a 'reset' of the account permissions that allows them to take over. In Hiroshima's case, the target was simply his Twitter handle, but it could easily be things like bank accounts or websites. GoDaddy Chief Information Security Officer Todd Redfoot issued TechCrunch the following statement about the hack:
Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy. The hacker then socially engineered an employee to provide the remaining information needed to access the customer account. The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers.
This is very standard from GoDaddy. They will allow someone to take over a domain, and then claim it's not their problem anymore, since once the change was made, you aren't the owner anymore :-( One of the worst companies to use for domain registration, but I guess that's what the Super Bowl commercials are for.