Keep your domains safe, choose a safe registrar.
In a shocking and hair-raising story, app developer Naoki Hiroshima details how a hacker targeted his Twitter handle @N (single letter) by hacking his GoDaddy account with a little help from PayPal.
There are 26 single letter Twitter handles – A to Z – and Naoki Hiroshima had been offered as much as $50,000 for his. The Twitter handle became the target of a hacker armed with plenty of social engineering skills.
After failing to convince Twitter to reset the password, the hacker called PayPal and obtained Hiroshima’s credit card information; armed with that info, he called GoDaddy and used it to reset the password to his account, holding several important domain names.
As soon as he obtained control of the domains at GoDaddy, the hacker emailed Hiroshima to negotiate a hostage exchange, and sought access to the Twitter handle @N in return.
During the domain hostage crisis, GoDaddy did not actively assist with the account recovery, pointing Hiroshima instead to a series of procedures involving ICANN and a court subpoena, neither of which would provide a quick resolution.
In the end, Hiroshima surrendered the Twitter handle to the hacker, and regained access to his GoDaddy account. The hacker, advised him to leave GoDaddy for a more secure registrar, such as NameCheap or eNom. He also suggested that he should call PayPal and ask them to record a note disabling the release of any personal info over the phone.
Read the entire incident in full detail here.
This post is 100% true!
This makes me sick, I hope twitter makes this right, I know godaddy won’t, this is happening far to often.
I contacted Godaddy for clarification. How could you know the 4 digits of a CC and not any other info (full cc, user, pin and password)? It doesn’t make any sense who could fall for this. If you don’t know your CC, ask your bank, it’s what you should be said.