GoDaddy Accounts Vulnerable To Social Engineering (and Photoshop)

← Back to Stories (view on slashdot.org)

GoDaddy Accounts Vulnerable To Social Engineering (and Photoshop)

Posted by Soulskill on Friday March 20, 2015 @09:58AM from the only-as-strong-as-its-weakest-hyperlink dept.

itwbennett writes: On Tuesday, Steve Ragan's GoDaddy account was compromised. He knew it was coming, but considering the layered account protections used by the world's largest domain registrar, he didn't think the attacker would be successful. He was wrong. Within days, the attacker gained control over Steve's account just by speaking to customer support and submitting a Photoshopped ID.

3 of 70 comments (clear)

Min score:

Reason:

Sort:

Meh by grimmjeeper · 2015-03-20 10:01 · Score: 5, Insightful

This is reason 363956 why you don't want to use GoDaddy to host your name or accounts.
I call BS... by fuzzyfuzzyfungus · 2015-03-20 10:03 · Score: 5, Funny

I'm not sure I believe this story. GoDaddy doesn't offer customer support, so how could the social engineers have spoken to them?
Godaddy are thieving wankers dot com by Dr_Barnowl · 2015-03-20 10:32 · Score: 5, Interesting

... is the name of a domain name I searched for on their site to see if they'd bite.
A few years ago I thought I'd buy a domain for myself. Went and searched for it on their site. NEVER DO THIS.
It wasn't taken.
I ummed and aahed and slept on it.
I came back. It was taken. By Domains By Proxy LLC. Who are owned by GoDaddy.
It seems to have been sold on to another speculator, unless Afternic are them too. (I just checked. Afternic were bought out by GoDaddy in 2013).
I own the .co.uk variant of it now. I used GANDI, who by all accounts, are not wankers.
So, if you want a domain, be prepared to buy it on the spot if it's available. And use a registrar who aren't arseholes.