Naoki Hiroshima held (i.e. squatted on) a rare and valuable Twitter handle, @N. It was extorted from him, he claims, by a scammer who figured out that PayPal reveals part of one's credit card number during security verification, and that GoDaddy accepts the same part of the number during security verification.
I asked the attacker how my GoDaddy account was compromised and received this response:
From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello
- I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)
- I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case)
I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)
GoDaddy outright refused to help Hiroshima at first, too. It's shocking how weak account security is there, and at PayPal: "Don’t let companies such as PayPal and GoDaddy store your credit card information," Hiroshima writes.
UPDATE: On its Twitter account, PayPal denies that it gave out "any credit card details".