GoDaddy owns up to role in Twitter account hijacking incident

Lucian Constantin | Feb. 3, 2014
GoDaddy has acknowledged that one of its employees fell victim to a social engineering attack allowing a hacker to take over a customer's domain names and eventually extort a coveted Twitter user name from him. PayPal, which the victim claimed also played a role in the attack, denied the accusations.

With access to the GoDaddy account, the hacker proceeded to change all information on record in order to prevent the real owner from regaining access to it. Hiroshima said he failed to regain access to his GoDaddy account, even after filing a case report and providing the company with a copy of his government-issued ID.

Suspecting that the @N Twitter user name was the attacker's real target, Hiroshima changed the email associated with his Twitter account to one registered with Gmail. So even after gaining access to the developer's domain name and primary email address, the hacker failed to hijack the Twitter account. He was, however, able to reset the password for Hiroshima's Facebook account.

The hacker then switched to extortion tactics. He emailed Hiroshima and asked him to hand over the @N Twitter user name in exchange for returning the GoDaddy, email and Facebook accounts. He also suggested that in case of refusal, he would transfer Hiroshima's domain names, an action that would be hard to recover from and which would have had an immediate negative impact on the developer's websites.

Hiroshima accepted the deal and changed his own Twitter handle to @N_is_stolen.

PayPal dismissed the claims that its employees released personal information or credit card details from Hiroshima's account.

"We have carefully reviewed our records and can confirm that there was a failed attempt made to gain this customer's information by contacting PayPal," the company said in a statement Wednesday on its website.

"Our customer service agents are well trained to prevent social hacking attempts like the ones detailed in this blog post," PayPal said. "We are personally reaching out to the customer to see if we can assist him in any way."

While he regained control of his domain names, Hiroshima still hasn't recovered the much-coveted Twitter user name. The hacker seems to have deleted the @N account following the attention attracted by the developer's blog post and story.

"It seems that Twitter simply ignored my claim and let somebody grab @N freely. Seriously?" the developer said Thursday on Twitter.

The story is reminiscent of how a hacker gained access to the Apple ID account of Wired reporter Mat Honan in August 2012 and used it to remotely wipe all data from his iPhone, iPad and MacBook. As in this case, the hackers who targeted Honan exploited security weaknesses in the customer service procedures of several companies, most notably Amazon and Apple, allowing them to impersonate Honan and obtain the access and various information they needed to further their attack.

The practice of verifying customer identity by using the last several digits of the credit card on record is unacceptable, Hiroshima said. Users should not let companies like PayPal and GoDaddy store their credit card information, he said, adding that he will terminate his accounts with the two companies as soon as possible.

 
