Domain names are frequently likened to online real estate, and that analogy hits home this week with news that Twitter user Naoki Hiroshima lost his Twitter handle @N, valued at over $50,000 due to a hacker “socially engineering” a GoDaddy customer service rep into giving out additional account information and allowing the hacker to take control of Naoki’s domain name. The domain name hosted Naoki’s email which was tied to his Twitter account. The hacker then extorted Naoki, threatening to take all of his domains unless he released the Twitter account.
In today’s age of 24/7 instant access and light-speed communications, we don’t have time to wait for “snail mail” to verify ownership and identities, that’s why so many of our verifications are tied to email addresses. Lose control of your email address and you can lose control of everything tied to it: bank accounts, online store accounts which may have stored payment information, and of course our social media. Lose control of your domain names and you lose control of the emails associated with them.
101domain is very serious about domain security. We always have been. Our largest tenet has always been that domain security is paramount. Sure we get blowback sometimes when customers want to make DNS changes or reset passwords over the phone or chat, but hopefully this story can help impart on everyone why we refuse to, without many layers of identification.
101domain accounts are eligible for 2-factor authentication protection, which is what prevented the Hacker from taking Naoki’s Twitter handle outright, without Naoki’s knowledge. If not for the GoDaddy customer service rep being “socially engineered”, or conned, into providing additional account information, there’s nothing the hacker could have done. Our reps are trained extensively to deal with situations exactly like this, and have very stringent protocols to follow.
For even more protection, 101domain offers a suite of security products to help you protect your valuable online properties. One of the strongest and most full-proof methods of protection is Portfolio Secure™. Our Portfolio Secure™ security service freezes your account from any unauthorized critical changes. No one (neither client nor staff) is able to make changes to your account or your domains without answering the proper security questions.
Security is and always had been our top priority. Hopefully it is yours too.