Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

GoDaddy accounts vulnerable to social engineering and Photoshop

Steve Ragan | March 20, 2015
GoDaddy's layered verification protections defeated by a phone call and four hours in Photoshop

"The best thing  you can do is setup domain privacy, which makes it more difficult because I would need to find the private contact information, which can easily be done with DomainTools; then go through or whichever company is keeping the domain private," Mr. Troia explained.

"Do your due diligence. If you're really worried about the security of your domain (as you should be), find out what security protocols the registration company has in place. Ask your registration (or hosting) company what safeguards they have in place in case your account is hijacked. How will you get it back? Hacking is pretty common now, so they should have an answer ready."

When asked for a comment on this story, as well as answers to a number of pointed questions on the limits of their customer support staff and the existence of an account reset form, GoDaddy only responded with a single statement:

"GoDaddy has stringent processes and a dedicated team in place for verifying the identification of customers when a change of account/email is requested. While our processes and team are extremely effective at thwarting illegal requests, no system is 100 percent efficient. Falsifying government issued identification is a crime, even when consent is given, that we take very seriously and will report to law enforcement where appropriate."


Previous Page  1  2  3  4  5 

Sign up for CIO Asia eNewsletters.