+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
General Chat Thread, How i lost my $50,000 twitter username in General; How i lost my $50,000 twitter username i think this is ridiculous, security should be 1000000 x better, wouldn't expect ...
  1. #1

    Join Date
    Dec 2013
    Posts
    13
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0

    How i lost my $50,000 twitter username

    How i lost my $50,000 twitter username

    i think this is ridiculous, security should be 1000000 x better, wouldn't expect it from paypal.

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,783
    Thank Post
    1,623
    Thanked 1,877 Times in 1,395 Posts
    Blog Entries
    2
    Rep Power
    422
    That is a good read. Definitely wouldn't expect that from a company such as paypal.

  3. #3

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,211 Times in 761 Posts
    Rep Power
    394
    I would. I stopped trusting PayPal a long time ago. Thery tout it as a safer way to buy but you actually have fewer consumer protections when buying something via PayPal then just buying it on credit card. Even if you have 2FA enabled they allow you to bypass it with security questions, and many of their security questions are the sort of "mothers maiden name" rubbish (the answer to which is on public record, for crying out loud. Pro tip: use made-up answers to these that only you know).

  4. #4

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,033
    Thank Post
    591
    Thanked 1,945 Times in 1,345 Posts
    Blog Entries
    19
    Rep Power
    813
    Quote Originally Posted by AngryTechnician View Post
    Pro tip: use made-up answers to these that only you know
    This is what I do. Hasn't caused any problems so far. [I'm surprised I remember them...]

  5. #5


    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,136
    Thank Post
    370
    Thanked 615 Times in 392 Posts
    Rep Power
    250
    This article horrified me. I actually feel sick now.

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,639
    Thank Post
    514
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    That's horrendous. I hope Paypal and Godaddy sort it out and compensate him, and that Twitter recover his handle!

  7. #7

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,109
    Thank Post
    1,367
    Thanked 2,374 Times in 1,671 Posts
    Rep Power
    703
    I have to have a whole scenario in my head - my mum's name, where I went to school etc etc in order to remember the fake securit answers
    It works though

  8. #8

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,843
    Thank Post
    583
    Thanked 2,162 Times in 987 Posts
    Blog Entries
    23
    Rep Power
    627
    Unfortunately consumer security must apply to lowers standards than those we are used to in IT.
    Besides, who uses GoDaddy and surely they had a backup of their work off-server.
    I would have gone 'nah' kept the Twitter tag and sorted it all out with PayPal and GoDaddy. You can get there eventually, especially if you have an evidence trail.
    Besides, if their Twitter tag has been extorted out of them then surely it would be easy to recover it legally and prosecute (if possible) those responsible.

  9. #9

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,639
    Thank Post
    514
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    Quote Originally Posted by Dos_Box View Post
    Besides, who uses GoDaddy and surely they had a backup of their work off-server.
    They have 31% of the market with ICANN - by far the largest share. So, a heck of a lot of people do it.

    I would have gone 'nah' kept the Twitter tag and sorted it all out with PayPal and GoDaddy. You can get there eventually, especially if you have an evidence trail.
    Besides, if their Twitter tag has been extorted out of them then surely it would be easy to recover it legally and prosecute (if possible) those responsible.
    Indeed. I'd guess this would be a case for the FBI to deal with!

  10. #10

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,776
    Thank Post
    764
    Thanked 541 Times in 424 Posts
    Rep Power
    259
    GoDaddy has a market share because their service is fast, acceptably cheap, and easily accessible. I use them!

  11. #11
    Tesla's Avatar
    Join Date
    Nov 2013
    Location
    Milton Keynes
    Posts
    754
    Thank Post
    100
    Thanked 133 Times in 104 Posts
    Blog Entries
    1
    Rep Power
    38
    Very good read, what worries me is that the attacker knew about the workarounds, so must have been done before to other users.

  12. #12
    d0pefish's Avatar
    Join Date
    Jul 2012
    Posts
    330
    Thank Post
    0
    Thanked 110 Times in 35 Posts
    Rep Power
    66
    I'd have thought with those emails showing he was extorted in to it that would be proof enough (OK I know emails can be faked, but in this case to what gain). He could also draw on the proof of credit card details being changed, account info being changed to prove it was extorted.
    With this being in the US (I assume) he'll no doubt sue the relevant companies and make money.

    Plus, the username wasn't technically worth $50k. It might have been at that point in time one person offered him that amount, but surely it is only worth what someone is willing to pay at the present time.

  13. #13
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74
    This isnt a new flaw either, this article from 2012 had the same entry point: How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com Amazon gave out the last 4 credit card digits and apple took them as proof.

  14. #14
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,075
    Thank Post
    812
    Thanked 353 Times in 277 Posts
    Blog Entries
    60
    Rep Power
    280
    Hmmm, and there was me thinking of moving most of my online life to my own domain. I better check with CSN as to how attack-proof I am. :/

    Just updated my SOA TTL to a week...
    Last edited by CAM; 29th January 2014 at 01:44 PM.

  15. #15

    Danp's Avatar
    Join Date
    Jul 2011
    Posts
    1,446
    Thank Post
    78
    Thanked 168 Times in 148 Posts
    Rep Power
    147
    Not quite the same money involved, but I had 100 domain names 'stolen' from me in a similar scam about 5 years ago lost the domains and the money

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Lost my NAS?
    By El_Nombre in forum Wireless Networks
    Replies: 10
    Last Post: 21st October 2008, 10:38 AM
  2. LOST MY DRIVE
    By sunpush in forum Hardware
    Replies: 4
    Last Post: 7th October 2008, 11:18 AM
  3. How to move my Domain
    By button_ripple in forum Windows Server 2008
    Replies: 2
    Last Post: 12th July 2008, 10:09 PM
  4. They lost MY laptop *cry*
    By greenfieldsupport in forum General Chat
    Replies: 30
    Last Post: 23rd November 2007, 10:19 PM
  5. Lost my serial
    By CyberNerd in forum *nix
    Replies: 2
    Last Post: 30th June 2006, 01:27 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •