PayPal assisted GoDaddy account hacker

[eqz13489]

http://domaingang.com/domain-news/p...tort-owner-of-single-letter-twitter-handle-n/

Still trying to get a hang on this fourm - unsure if i am posting in the wrong spot. Wanted to share this article.

LE: spell checked the Title of post "assisted" lol

 

[equity78]

Go Daddy Tightens Security After @N Debacle

In another move related to the social engineering that took place at Go Daddy and allegedly Paypal (Paypal stands by the position they did not give the hijacker anything and that it was a failed attempt) Go Daddy is now changing their security practices.

In a tweet on Saturday there was an exchage from the former owner of @N and Go Daddy, he is also a former Go Daddy client as he tweeted yesterday that he has moved his names to Namecheap.

Tech Crunch covered the story:

We spoke to @N, known to most as Naoki Hiroshima, after the fact and and he detailed a few things that GoDaddy should do to tighten its security, methods that might have helped protect his account:

“[Two factor authentication] can’t prevent this from happening again,” says Hiroshima. “GoDaddy allowed the guy to reset everything over the phone. As long as a company only uses the last 4 digits of a [credit card] to verify [identity], this will keep happening. They should ask multiple questions.”

GoDaddy has made steps that mirror what Hiroshima felt was needed. In a tweet today, the company said the following:

@N_is_stolen Will do. We now require 8 card digits, lock after 3 attempts and deal with 2-factor authentication accounts differently. ^NF

http://www.thedomains.com/2014/02/02/go-daddy-tightens-security-after-n-debacle/

 

[Paul]

I find it interesting that this person actually went with the service that the attacker recommended.

 

[NameOmnia]

I remember that when I called the support they asked me for my PIN too so I really wonder how and hacker or whoever else could possibly know all those info about the account...Please correct me if I misunderstood something..

 

[enlytend]

The person got all their accounts and domains back
Godaddy's learned a lesson in social engineering and is going to tighten up their security.

All's well that ends well.

 

[Paul]

And not a single GoDaddy fanboy was lost.

 

[Ms Domainer]

*

A near miss, regarding @jb:

http://hackticool.com/post/75171875746
​

*

 

[dadiehost]

Namecheap! are the best at all. Great work!

 

[Name Trader]

I remember that when I called the support they asked me for my PIN too so I really wonder how and hacker or whoever else could possibly know all those info about the account...Please correct me if I misunderstood something..

That was my experience too. But presumably the hacker hacked his free email account, so he had access to the account from the get-go. If you can login, most things can be got at and changed

 

[BrandChimp]

Where is the safiest place to keep your domains?

Btw paypal stole me $1200 in the pass. They are bandits!
Short story CHARGEBACK and copy paste emails.