+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
General Chat Thread, How i lost my $50,000 twitter username in General; How i lost my $50,000 twitter username i think this is ridiculous, security should be 1000000 x better, wouldn't expect ...
  1. #1

    Join Date
    Dec 2013
    Posts
    13
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0

    How i lost my $50,000 twitter username

    How i lost my $50,000 twitter username

    i think this is ridiculous, security should be 1000000 x better, wouldn't expect it from paypal.

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,941
    Thank Post
    1,628
    Thanked 1,898 Times in 1,410 Posts
    Blog Entries
    2
    Rep Power
    429
    That is a good read. Definitely wouldn't expect that from a company such as paypal.

  3. #3

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    I would. I stopped trusting PayPal a long time ago. Thery tout it as a safer way to buy but you actually have fewer consumer protections when buying something via PayPal then just buying it on credit card. Even if you have 2FA enabled they allow you to bypass it with security questions, and many of their security questions are the sort of "mothers maiden name" rubbish (the answer to which is on public record, for crying out loud. Pro tip: use made-up answers to these that only you know).

  4. #4

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,095
    Thank Post
    592
    Thanked 1,953 Times in 1,351 Posts
    Blog Entries
    19
    Rep Power
    814
    Quote Originally Posted by AngryTechnician View Post
    Pro tip: use made-up answers to these that only you know
    This is what I do. Hasn't caused any problems so far. [I'm surprised I remember them...]

  5. #5


    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,176
    Thank Post
    372
    Thanked 626 Times in 398 Posts
    Rep Power
    252
    This article horrified me. I actually feel sick now.

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,689
    Thank Post
    516
    Thanked 2,455 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    That's horrendous. I hope Paypal and Godaddy sort it out and compensate him, and that Twitter recover his handle!

  7. #7

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,282
    Thank Post
    1,379
    Thanked 2,381 Times in 1,676 Posts
    Rep Power
    704
    I have to have a whole scenario in my head - my mum's name, where I went to school etc etc in order to remember the fake securit answers
    It works though

  8. #8

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    10,400
    Thank Post
    602
    Thanked 2,171 Times in 994 Posts
    Blog Entries
    23
    Rep Power
    630
    Unfortunately consumer security must apply to lowers standards than those we are used to in IT.
    Besides, who uses GoDaddy and surely they had a backup of their work off-server.
    I would have gone 'nah' kept the Twitter tag and sorted it all out with PayPal and GoDaddy. You can get there eventually, especially if you have an evidence trail.
    Besides, if their Twitter tag has been extorted out of them then surely it would be easy to recover it legally and prosecute (if possible) those responsible.

  9. #9

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,689
    Thank Post
    516
    Thanked 2,455 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    Quote Originally Posted by Dos_Box View Post
    Besides, who uses GoDaddy and surely they had a backup of their work off-server.
    They have 31% of the market with ICANN - by far the largest share. So, a heck of a lot of people do it.

    I would have gone 'nah' kept the Twitter tag and sorted it all out with PayPal and GoDaddy. You can get there eventually, especially if you have an evidence trail.
    Besides, if their Twitter tag has been extorted out of them then surely it would be easy to recover it legally and prosecute (if possible) those responsible.
    Indeed. I'd guess this would be a case for the FBI to deal with!

  10. #10

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,807
    Thank Post
    774
    Thanked 547 Times in 427 Posts
    Rep Power
    260
    GoDaddy has a market share because their service is fast, acceptably cheap, and easily accessible. I use them!

  11. #11
    Tesla's Avatar
    Join Date
    Nov 2013
    Location
    Milton Keynes
    Posts
    763
    Thank Post
    100
    Thanked 133 Times in 104 Posts
    Blog Entries
    1
    Rep Power
    38
    Very good read, what worries me is that the attacker knew about the workarounds, so must have been done before to other users.

  12. #12
    d0pefish's Avatar
    Join Date
    Jul 2012
    Posts
    341
    Thank Post
    0
    Thanked 116 Times in 37 Posts
    Rep Power
    67
    I'd have thought with those emails showing he was extorted in to it that would be proof enough (OK I know emails can be faked, but in this case to what gain). He could also draw on the proof of credit card details being changed, account info being changed to prove it was extorted.
    With this being in the US (I assume) he'll no doubt sue the relevant companies and make money.

    Plus, the username wasn't technically worth $50k. It might have been at that point in time one person offered him that amount, but surely it is only worth what someone is willing to pay at the present time.

  13. #13
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74
    This isnt a new flaw either, this article from 2012 had the same entry point: How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com Amazon gave out the last 4 credit card digits and apple took them as proof.

  14. #14
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,119
    Thank Post
    826
    Thanked 358 Times in 282 Posts
    Blog Entries
    60
    Rep Power
    281
    Hmmm, and there was me thinking of moving most of my online life to my own domain. I better check with CSN as to how attack-proof I am. :/

    Just updated my SOA TTL to a week...
    Last edited by CAM; 29th January 2014 at 01:44 PM.

  15. #15

    Danp's Avatar
    Join Date
    Jul 2011
    Posts
    1,446
    Thank Post
    78
    Thanked 168 Times in 148 Posts
    Rep Power
    147
    Not quite the same money involved, but I had 100 domain names 'stolen' from me in a similar scam about 5 years ago lost the domains and the money

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Lost my NAS?
    By El_Nombre in forum Wireless Networks
    Replies: 10
    Last Post: 21st October 2008, 10:38 AM
  2. LOST MY DRIVE
    By sunpush in forum Hardware
    Replies: 4
    Last Post: 7th October 2008, 11:18 AM
  3. How to move my Domain
    By button_ripple in forum Windows Server 2008
    Replies: 2
    Last Post: 12th July 2008, 10:09 PM
  4. They lost MY laptop *cry*
    By greenfieldsupport in forum General Chat
    Replies: 30
    Last Post: 23rd November 2007, 10:19 PM
  5. Lost my serial
    By CyberNerd in forum *nix
    Replies: 2
    Last Post: 30th June 2006, 01:27 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •