GoDaddy has updated its account security policies in the wake of the now infamous extortion of a Twitter account. As TechCrunch previously reported, a hacker claimed to have gained the Twitter user’s last four credit card digits from PayPal, which was then used to convince GoDaddy to reset their account.
The compromised GoDaddy account — and its requisite domain collection — was used as leverage to extort the user out of their excellent Twitter account, @N. In the wake of the hacking and ensuing outrage over lax security, denials of culpability, TechCrunch wondered out loud why Twitter itself hadn’t made @N whole.
We spoke to @N, known to most as Naoki Hiroshima, after the fact and and he detailed a few things that GoDaddy should do to tighten its security, methods that might have helped protect his account:
“[Two factor authentication] can’t prevent this from happening again,” says Hiroshima. “GoDaddy allowed the guy to reset everything over the phone. As long as a company only uses the last 4 digits of a [credit card] to verify [identity], this will keep happening. They should ask multiple questions.”
GoDaddy has made steps that mirror what Hiroshima felt was needed. In a tweet today, the company said the following:
@N_is_stolen Will do. We now require 8 card digits, lock after 3 attempts and deal with 2-factor authentication accounts differently. ^NF
Requiring more credit card digits matters. If the hacker in question had been required to provide that quantity of information, the jig would have been up prematurely: The hacker claims that PayPal gave them the last four digits of Hiroshima’s credit card. If the GoDaddy threshold had been higher, we wouldn’t be talking about this now.
It’s a bummer that GoDaddy was able to be compromised in the above way, but the new security policies should reduce future risk for its customers, of which I am one.
I’ve reached out to GoDaddy for an explanation of the changes to its security policies and will update this post when I hear back.
Top Image Credit: Flickr (Image cropped)