How I Lost My $50,000 Twitter Username
posted January 2014
So this guy owned @N on twitter and got extorted his account by a phishing attack. The story is well written and you should read it here : https://medium.com/p/24eb09e026dd
but for a tl;dr the attacker called his paypal account to ask them for his credit card's last 4 digits. Then he called godaddy to ask them to reset the password. They only asked him for the 2 first digits and the last 4s. The attacker just had to guess the 2 first digits (and he did it on the first try, he could have kept calling and trying otherwise).
Now that he had @N's domain's name, he could now see his emails. Took over @N's facebook account and started mailing him "threats".
It's pretty crazy how easy phishing is.