[ISN] GoDaddy Admits Hacker’s Social Engineering Led It To Divulge Info In @N Twitter Account Hack

http://techcrunch.com/2014/01/29/godaddy-admits-hackers-social-engineering-led-it-to-divulge-info-in-n-twitter-account-hack/ By Matthew Panzarino @panzer TechCrunch January 29, 2014 An update in the @N account hacking case has just come through from GoDaddy, one of the companies involved in the somewhat convoluted social engineering case. The company admits that one of its employees was ‘socially engineered’ into giving out additional information which allowed a hacker to gain access to Naoki Hiroshima’s GoDaddy account. The hack, which we detailed in a post earlier today, was performed by calling up PayPal and GoDaddy to gain access to Hiroshima’s personal email, which was then used to extort the @N Twitter user handle from him. Hiroshima outlined the hack in a post on Medium, which garnered a lot of attention. We received responses from Twitter that the matter was being looked into and PayPal was spurred to issue a denial that it had provided credit card information, and to note that its employees were trained to avoid social engineering attacks. Social engineering is a method of hacking in which attackers utilize personal or not-so-personal information to impersonate the rightful owner of an account. They call up the company in question and engineer a ‘reset’ of the account permissions that allow them to take over. […]