Click to Skip Ad
Closing in...

PayPal and GoDaddy will hand your data over to just about anyone

Updated Jan 30th, 2014 3:49AM EST
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

An app developer who had a rare Twitter username revealed he has been hacked by a person that wanted to own the @N handle at all costs, with PayPal and GoDaddy serving as unsuspecting accomplices in the ordeal. After blocking Naoki Hiroshima out of his PayPal and GoDaddy accounts, the hacker demanded to compromise – “access to @N for about 5 minutes while I swap the handle in exchange for your GoDaddy and help securing your data,” he wrote in an email.

Hiroshima had to agree with the exchange, as GoDaddy was not able to help him regain control to his web properties otherwise. After the exchange, the hacker told Hiroshima how he was able to gain access to his online properties, revealing it all started with PayPal, which gave the attacker the last four digits of his credit card. He then contacted GoDaddy by phone, just like he did with PayPal, saying that the had lost the card but remembered the last four digits.

Apparently GoDaddy would have allowed the hacker to keep trying until he got it right, although he apparently managed to guess the numbers from the beginning – it’s not clear whether the same cards were used for these two accounts, but it’s certainly a possibility.

In order to avoid such potential security hassles, Hiroshima advises users not to use the same email address for multiple services, and not to use a custom domain for logins. Furthermore, he advises for better security for web properties, as well as using two-factor authentication when available. Interestingly, the hacker also revealed that PayPal users could avoid such an issue by calling the company and placing a note to their accounts not to release any details related via phone.

Wired‘s Mat Honan was also hacked last year, with an attacker taking advantage of certain security flaws in Apple and Amazon to access and wipe personal data.

PayPal, GoDaddy and Twitter are each looking into the matter, The Next Web has been told.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2007. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming new movies and TV shows, or training to run his next marathon.