Woman named Mercedes Beach Blackmailed into Giving up Her ‘Mercedes’ Tumblr
A New York-based graphic designer had her Gmail and potentially all social media accounts hijacked, but the hacker was after only one thing: her Tumblr URL, mercedes.tumblr.com.
Beach figured out what was happening minutes too late.
It all started when she received emails from Instagram and Amazon reporting that someone was trying to access her accounts. “It concerned her, but she was hungover and decided to deal with it later,” Motherboard reports.
Beach then received a phone call from a man with an English accent who said he was a Google employee. The caller ID read 650-253-0000 (the number for Google’s HQ). The man said that he was going to send a verification code to her phone and asked her to read it out over the line.
Beach opened the message, read out the numbers, and a second later the caller hung up. “Beach remembered Google’s two-step verification, and realised she’d just given hers away,” according to Motherboard.
She tried to access her Gmail and found that she’d been shut out. She started changing passwords to protect her Instagram, Facebook, Apple ID, and secondary email, an old account from college.
She was still logged into her old email when she received a threatening message -- from herself. See image here: http://motherboard-images.vice.com/content-images/contentimage/18412/1421692064990406.png
She checked her Tumblr but found it had already been taken. The URL had been altered to “mercedes-beach.tumblr.com.” She replied to the extortionist, asking for her email passwords back. The hacker complied, she changed all her passwords again, and they spoke no more.
Immediately after the Tumblr was commandeered, it had a Mercedes Benz logo as the avatar and a picture of a yellow car in front of a scenic beach view, with a “#Mercedes #ComingSoon” caption. Now it's down, but the URL is still under ownership.
An official Tumblr for Mercedes Benz already exists and seems to be doing well. The person who stole Beach’s Tumblr URL likely planned to try to sell it, or use it for further deceit.
It’s unclear how the hacker sidled into her email so quickly, though perhaps there was a link somewhere in an old message and the password was “probably, definitely” the same as another account, Beach said.
The whole episode took less than an hour, and Beach’s URL was taken within minutes of the mysterious phone call.
Spoofing a phone number is easy and it’s certainly been done before. There was no sign of anyone logging into Tumblr from a different computer, but such traces of suspicious activity can be concealed with the Tor anonymous browser or another proxy.
In the end, Beach blames the nature of the social Web: “All my accounts and sites are interconnected. Facebook, Instagram, Tumblr, and personal website. My Tumblr links to my website… I'm realizing now that my web presence makes me vulnerable.”




