This article was published on January 30, 2014

GoDaddy accepts partial responsibility in social engineering attack of @N’s customer account


GoDaddy accepts partial responsibility in social engineering attack of @N’s customer account

Naoki Hiroshima’s tale of how he lost his @N Twitter handle to a social engineering attack on his PayPal and GoDaddy accounts has gone massively viral over the past 24 hours. After looking into the matter, GoDaddy has responded by admitting that it did hand over some information, while also noting that the attacker already had “possession of a large portion” of the required customer information.

Here’s the official statement from GoDaddy Chief Information Security Officer Todd Redfoot:

Our review of the situation reveals that the hacker was already in possession of a large portion of the customer information needed to access the account at the time he contacted GoDaddy. The hacker then socially engineered an employee to provide the remaining information needed to access the customer account. The customer has since regained full access to his GoDaddy account, and we are working with industry partners to help restore services from other providers. We are making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques.

The hacker claimed to have obtained vital credit card details over the phone with PayPal, but the company has denied providing any sensitive data.

Hiroshima said he has fielded numerous offers of as much as $50,000 to purchase the @N Twitter account in the past.

Image via Shutterstock

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Published
Back to top