password-cracker

Pulling an account password can be hard or easy, it’s up to you.

The bottom line for when it comes to personal security on the internet is you must take care of it yourself.  Many .com companies will make lofty promises of keeping your private data secured, but when things go bust they don’t take responsibility when your account is compromized.

online_payment

PayPal will require users to submit a bank account number or credit card number

Identity theft becomes an even greater problem when your financial information is tied to an online account.  One of the latest personal story which adds more worries and woes to trusting internet organizations is of a man that got his GoDaddy and PayPal account hacked just by a mere guessing game.

Naoki Hiroshima owned a very rare and well-sought after Twitter handle (@N), and so he was a target of a hacking scheme that would raise some eyebrows in the security industry.  The hacker resorted to extortion to obtain the @N handle by simply calling PayPal to obtain the last four digits of Naoki’s credit card.  From there, he was able to use those last four digits to gain access to Naoki’s GoDaddy account, which was responsible for hosting a slew of the victim’s important websites.

Shortly thereafter, the extortion process began.  SOCIAL MEDIA KING demanded that Naoki release the @N Twitter handle to him or else Naoki’s vast network of websites will become compromised.  Rather than risking his whole network, Naoki decided it was prudent to hand over the @N handle and call it a day.

They Left the Doors Wide-Open

godaddy-girls

Ad campaigns don’t make up for the lack of security

As frustrating as it was to lose the precious Twitter handle, Naoki was even more angered by the lack of security measures taken by his information holders—specifically PayPal and GoDaddy.  PayPal allowed the hacker unlimited guesses as to what Naoki’s last four credit card digits were.  GoDaddy nailed up the coffin when it allowed the hacker to use the last four digits of the credit card number as ‘verification’.

Protecting yourself from identity theft is even more crucial now than ever before.  Using credit card numbers to shop online has become the norm.  Even if you shop exclusively at brick-and-mortar stores, it’s difficult to avoid giving some financial information away.  Financial institutions have stepped up their promise of securing your bank accounts through methods like one-time credit card numbers.  If your bank or credit issuer offers such an option, it would be wise to take advantage of it.

Scramble and Scrabble

Naoki himself has urged account holders of GoDaddy to move their domains to another registrar, and remove all forms of credit card information from PayPal.  While this will serve as tools for preventing future intrusion through these companies, it doesn’t completely remove all forms of future identity theft attempts.  First things first, if you have many accounts sensitive accounts, try to link those accounts to an email that uses two factor authentication like GMail and Yahoo.

If you think your business is in need of a security overhaul, let our IT professionals work with you to ensure that you can go to sleep knowing your private data remains safe and secure.

You can also read the complete blog post by Naoki Hiroshima here.