GoDaddy Admits Hacker's Social Engineering Led It To Divulge Info In @N Twitter Account Hack

[InfoSec News <alerts () infosecnews org>]

http://techcrunch.com/2014/01/29/godaddy-admits-hackers-social-engineering-led-it-to-divulge-info-in-n-twitter-account-hack/

By Matthew Panzarino
@panzer
TechCrunch
January 29, 2014

An update in the @N account hacking case has just come through from 
GoDaddy, one of the companies involved in the somewhat convoluted social 
engineering case.  The company admits that one of its employees was 
'socially engineered' into giving out additional information which allowed 
a hacker to gain access to Naoki Hiroshima’s GoDaddy account.

The hack, which we detailed in a post earlier today, was performed by 
calling up PayPal and GoDaddy to gain access to Hiroshima’s personal 
email, which was then used to extort the @N Twitter user handle from him.

Hiroshima outlined the hack in a post on Medium, which garnered a lot of 
attention. We received responses from Twitter that the matter was being 
looked into and PayPal was spurred to issue a denial that it had provided 
credit card information, and to note that its employees were trained to 
avoid social engineering attacks.

Social engineering is a method of hacking in which attackers utilize 
personal or not-so-personal information to impersonate the rightful owner 
of an account. They call up the company in question and engineer a ‘reset’ 
of the account permissions that allow them to take over.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/