Yesterday the case of Naoki Hiroshima came to light: a hacker extorted control of his @N Twitter account. Hiroshima outlined the entire case and offered the details the hacker gave him on how he was able to gain control of the GoDaddy account that was then used to extort the Twitter account from its rightful owner.
The hacker claimed that he had used social engineering to gain control of the GoDaddy account and Hiroshima's personal email, and ultimately the Twitter account he wanted. An update on the case surfaced today, with GoDaddy admitting that one of its employees was socially engineered into giving out additional information on the account.
GoDaddy Chief Information Security Officer Todd Redfoot said that the hacker already had a large amount of the customer information needed to access the account; the employee gave out the remainder during the social engineering plot. GoDaddy says that the customer has full access to his GoDaddy account. GoDaddy also says that it is changing its employee training to prevent this sort of attack in the future.
You might think that with GoDaddy coming clean, PayPal would too. The hacker in this case claimed to have obtained the last digits of the credit card used on the GoDaddy account from PayPal. PayPal tweeted a denial yesterday, claiming it gave up no personal details in the case. Hackers can’t exactly be trusted to tell the truth, but it appears that in this case the hacker told the truth about the GoDaddy information, so why would he lie about PayPal?