http://techcrunch.com/2014/01/29/godaddy-admits-hackers-social-engineering-led-it-to-divulge-info-in-n-twitter-account-hack/
By Matthew Panzarino
@panzer
TechCrunch
January 29, 2014
An update in the @N account hacking case has just come through from
GoDaddy, one of the companies involved in the somewhat convoluted social
engineering case. The company admits that one of its employees was
'socially engineered' into giving out additional information which allowed
a hacker to gain access to Naoki Hiroshima’s GoDaddy account.
The hack, which we detailed in a post earlier today, was performed by
calling up PayPal and GoDaddy to gain access to Hiroshima’s personal
email, which was then used to extort the @N Twitter user handle from him.
Hiroshima outlined the hack in a post on Medium, which garnered a lot of
attention. We received responses from Twitter that the matter was being
looked into and PayPal was spurred to issue a denial that it had provided
credit card information, and to note that its employees were trained to
avoid social engineering attacks.
Social engineering is a method of hacking in which attackers utilize
personal or not-so-personal information to impersonate the rightful owner
of an account. They call up the company in question and engineer a ‘reset’
of the account permissions that allow them to take over.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
