Go Daddy Tightens Security After @N Debacle
In another development related to the social engineering that took place at Go Daddy and allegedly PayPal (PayPal stands by its position that it did not give the hijacker anything and that the attempt failed), Go Daddy is now changing its security practices.
On Saturday there was an exchange on Twitter between the former owner of @N and Go Daddy. He is also a former Go Daddy client, as he tweeted yesterday that he has moved his names to Namecheap.
TechCrunch covered the story:
We spoke to @N, known to most as Naoki Hiroshima, after the fact and he detailed a few things that GoDaddy should do to tighten its security, methods that might have helped protect his account:
“[Two factor authentication] can’t prevent this from happening again,” says Hiroshima. “GoDaddy allowed the guy to reset everything over the phone. As long as a company only uses the last 4 digits of a [credit card] to verify [identity], this will keep happening. They should ask multiple questions.”
GoDaddy has made steps that mirror what Hiroshima felt was needed. In a tweet today, the company said the following:
@N_is_stolen Will do. We now require 8 card digits, lock after 3 attempts and deal with 2-factor authentication accounts differently. ^NF
http://www.thedomains.com/2014/02/02/go-daddy-tightens-security-after-n-debacle/