Naoki Hiroshima had (i.e. squatted) a rare and valuable Twitter handle, @N. It was extorted from him, he claims, by a scammer who figured out that PayPal reveals part of one's credit card number during security verification—and that GoDaddy accepts the same part of the number during security verification.
I asked the attacker how my GoDaddy account was compromised and received this response:
From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello
- I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)
- I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)
GoDaddy outright refused to help him at first, too. It's shocking how weak account security is there, and at PayPal: "Don’t let companies such as PayPal and GoDaddy store your credit card information," Hiroshima writes.
UPDATE: On its Twitter account, PayPal denies that it gave out "any credit card details".
Tristan Harris was Google’s “Design Ethicist” where he studied how design choices directly affect people’s behavior in conscious and unconscious ways. He’s also a practicing magician! As he says, “Magicians start by looking for blind spots, edges, vulnerabilities and limits of people’s perception, so they can influence what people do without them even realizing it.” […]
Watch this (please, the whole thing). Its title is “The Present,” and it’s a gift to you from Jacob Frey.
Commanding two thirds or so of the browser market, Google’s decision to turn off Adobe Flash by default in Chrome before 2017 seems like the end of an era that’s always said to be ending. Later this year we plan to change how Chromium hints to websites about the presence of Flash Player, by changing […]
If you want to add some real firepower to your programming repertoire, learn Java–one of the most adaptable, widely-used programming platforms around. You can easily do that with this Ultimate Java bundle, now just $69 in the Boing Boing Store.Across 14 lectures and 117 hours of content, the educators at online academy eduCBA will walk you through […]
Every company wants to harness the power of social media, but few understand how to make that happen. Be one of those select few with this Social Media Marketing Course & Certification package, now just $29 in the Boing Boing Store.Over 12 modules of course material, you’ll learn what it takes to increase a brand’s […]
If you’ve got a killer app idea, but don’t have the technical expertise to pull it off, get a crash course in all things app development with the Comprehensive Android Development Bundle, now over 90% off in the Boing Boing Store. Across 83 hours of training, you’ll learn to develop for the world’s most popular mobile OS, mastering […]