GoDaddy changing security policy after infamous social engineering attack on @N
Naoki Hiroshima’s scary tale of losing his single-character Twitter handle has captivated the internet over the last few days. First, we heard the story of how Naoki was held to ransom for the rare handle, then GoDaddy admitted it was partially responsible for giving out details that led to the compromise.
Today, GoDaddy said on Twitter that it is changing its security policies to help protect against similar social engineering attacks in the future:
@N_is_stolen Will do. We now require 8 card digits, lock after 3 attempts and deal with 2-factor authentication accounts differently. ^NF
— GoDaddy (@GoDaddy) February 1, 2014
The change may appear small on the surface, but it should help prevent a repeat of the same story. It would be extremely hard for an attacker to obtain 8 digits of a credit card (unless the whole card was stolen), and by locking the account after 3 attempts the company is protecting itself from attackers who would just hang up the phone and try again with a new representative.
Unfortunately, Naoki still hasn’t received his Twitter account back, with the handle now in the grips of yet another squatter. The story isn’t quite over yet.