Social Engineering. Any protocols in place to prevent it?

January 29, 2014 1.2k views
After just recently reading an article about a recent social engineering attack on a Twitter user involving GoDaddy and PayPal, I was curious to find out what protocols DigitalOcean has in place to prevent these attacks. It's pretty concerning since OTP was enabled and someone still managed to gain control of his GoDaddy and Twitter account. It's a pretty interesting read:
2 Answers
Yes. Common sense and two-factor authentication! I think that's what you meant by OTP (One Time Password)? But the author said he only had it on for his PayPal account. He said the attack vector started through Facebook, they changed his Gmail account, and hacked his Twitter. If he'd have

PLEASE let this be a lesson for everyone - ENABLE TWO FACTOR AUTHENTICATION EVERYWHERE YOU CAN! My DigitalOcean account has it, my Cloudflare account (which handles the MX records) has it, my Facebook, Twitter and Gmail accounts all have it. Yes, it's one more thing to do when logging in, but it makes you virtually hackproof.

The user in that post wasn't hacked because of any system failure or missing protocols; he was hacked because he didn't use the 2FA (call it OTP, TSA, two-step-authentication or whatever) that is provided for all of the services he uses, including GoDaddy.
Can't find the edit button - no idea what happened to last sentence of para 1, but it should finish "if he'd have enabled two factor authentication, it couldn't have happened".