GoDaddy accounts vulnerable to social engineering and Photoshop

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/2898128/disaster-recovery/godaddy-accounts-vulnerable-to-social-engineering-and-photoshop.html

By Steve Ragan
CSO
March 19, 2015

On Tuesday, my personal account at GoDaddy was compromised. I knew it was 
coming, but considering the layered account protections used by the 
world's largest domain registrar, I didn't think my attacker would be 
successful.

I was wrong. He was able to gain control over my account within days, and 
all he needed to do was speak to customer support and submit a 
Photoshopped ID.

GoDaddy serves more than 13 million customers, who in turn place 59 
million domains under the registrar's management. They have thousands of 
employees working across the globe who help staff the support and 
operations teams twenty-four hours a day.

Sometimes, customers forget their account number or password; perhaps they 
forget what email they've used to register a domain. In either case, 
GoDaddy's support staff are there to assist.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/