PDA

View Full Version : Recent hacking involving GoDaddy, Paypal and Twitter



LeadMaster
01-31-2014, 04:20 PM
Have you heard the recent story of a hacker managing to collect financial information from major entities GoDaddy and Paypal on a particular user such as credit card detail? He ended up hacking his Twitter as well and gaining access to the handle @N which has a price tag of $50k. It's easy to assume it won't happen to you!

FlyPizzaGuy
01-31-2014, 06:19 PM
Do you have any links to back this story up?

Brian Altenhofel
01-31-2014, 06:47 PM
Do you have any links to back this story up?

How I Lost My $50,000 Twitter Username (http://gizmodo.com/how-i-lost-my-50-000-twitter-username-1511578384)

There you go.

If the facts he's put forth are correct, he shouldn't be rolling over like he is. He should have filed a police report and he should being filing a civil suit. He can't really claim "I can't afford a lawyer" if he's got a case, because 99% of the time these types of cases will be taken on contingency if he's actually got a case and he hasn't misrepresented the facts.

PayPal claims the facts are incorrect (https://www.paypal-forward.com/leadership/paypal-takes-your-security-seriously/). GoDaddy says the social engineer was in possession of the required personal information (http://www.pcworld.com/article/2093100/godaddy-owns-up-to-role-in-twitter-account-hijacking-incident.html). The social engineer says he got the information from PayPal.

Harold Mansfield
02-03-2014, 02:20 PM
I heard and read about this last week. Pay Pal says they were not hacked. but that the guy already had the neccessary information to access the account.


The hacker claimed he then called GoDaddy’s customer support and posed as the developer. In order to verify his identity, GoDaddy asked for the last 6 digits of the credit card on record. The attacker said had the last four from PayPal and simply guessed the other two.

Really? He just guessed and got it correct on the first try? I gotta call BS on that one. When determining who to beleive here, I have to go with who is more credible...Pay Pal, or a criminal? The entire story sounds a little fishy to me from both the extortionist and the victim.

Brian Altenhofel
02-03-2014, 02:47 PM
Really? He just guessed and got it correct on the first try?

On the first call... he says GoDaddy let him keep trying...

To be fair, I've had to brute force my own last four and secret answer on very old accounts with several reputable companies before where I no longer had the card on file and/or could not recall the question/answer combination I had used on the account.

LeadMaster
02-07-2014, 03:37 PM
I relate Brian, I have been in some sticky situations like that as well. I can understand unique usernames bringing hackers in like flies and situations like this are probably fairly common although this story made waves.