GoDaddy improves user protection following recent Twitter account extortion

Naoki Hiroshima’s recent loss of his single-letter Twitter handle @N to hijackers who socially engineered their way across multiple services was a stark reminder that there’s a human element to security on the internet: without touching a line of code, the perpetrators allegedly took four digits of a credit card provided by a PayPal customer service representative and gave them to another rep at hosting company GoDaddy as proof of identification.

GoDaddy has updated its account security policies in the wake of the now infamous extortion of a Twitter account. As TechCrunch previously reported, a hacker claimed to have gained the Twitter user’s last four credit card digits from PayPal, which were then used to convince GoDaddy to reset the user’s account. The compromised GoDaddy account — and its requisite domain collection — was used as leverage to extort the user out of their excellent Twitter account, @N. In the wake of the hacking, the ensuing outrage over lax security, and denials of culpability, TechCrunch wondered out loud why Twitter itself hadn’t made @N whole.
