Naoki Hiroshima had (i.e. squatted) a rare and valuable Twitter handle, @N. It was extorted from him, he claims, by a scammer who figured out that PayPal reveals part of one's credit card number during security verification—and that GoDaddy accepts the same part of the number during security verification.
I asked the attacker how my GoDaddy account was compromised and received this response:
From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello
- I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)
- I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case)
I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)
GoDaddy outright refused to help him at first, too. It's shocking how weak account security is there, and at PayPal: "Don’t let companies such as PayPal and GoDaddy store your credit card information," Hiroshima writes.
UPDATE: On its Twitter account, PayPal denies that it gave out "any credit card details".