Original Link: https://medium.com/p/24eb09e026dd
Naoki Hiroshima:
A story of how PayPal and GoDaddy allowed the attack and caused me to lose my $50,000 Twitter username.
This post is another reason not to use GoDaddy…
Stories like this are why I’m always nervous about apps that ask for your email credentials. If someone has access to your email account, they can get access to everything else you do online pretty quickly through password resets.
If you are on a service that offers two-factor authentication, I suggest you enable it.
At The Interviewr, we require users to verify their phone number when they first sign up, before they can do any interviews. If a support ticket requires account changes, we send a one-time code to their phone, which they enter at a unique URL we send them.
I’ve also implemented PINs that users can set to prevent unauthorized account changes, and I’m about to turn on the two-factor authentication option on login, once I finish testing it.
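The support-ticket flow described above (a one-time code sent to the verified phone, entered at a unique URL) can be sketched as follows. This is an added example, not The Interviewr's code; the class name, the TTL, the attempt limit and the in-memory store are assumptions, and sending the SMS and the URL is left to the caller.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 600      # seconds a challenge stays valid (assumed value)
MAX_ATTEMPTS = 5    # wrong guesses allowed before the challenge is burned (assumed)

class ChangeVerifier:
    """Hypothetical step-up check for support-ticket account changes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(url_token) -> challenge record

    @staticmethod
    def _h(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def start(self, ticket_id):
        """Return (url_token, code): the token goes in the unique URL,
        the code goes to the verified phone. Neither is stored in clear."""
        url_token = secrets.token_urlsafe(32)
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[self._h(url_token)] = {
            "ticket": ticket_id,
            # Salting with the unstored token means a leaked store
            # cannot be brute-forced for the 6-digit code.
            "code_hash": self._h(url_token + code),
            "expires": self._clock() + CODE_TTL,
            "attempts": 0,
        }
        return url_token, code

    def verify(self, url_token, code):
        """Return the ticket id on success, None on any failure."""
        key = self._h(url_token)
        rec = self._pending.get(key)
        if rec is None:
            return None
        if self._clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[key]  # expired or guessed too often
            return None
        rec["attempts"] += 1
        if not hmac.compare_digest(rec["code_hash"], self._h(url_token + code)):
            return None
        del self._pending[key]      # single use: a replayed URL and code fail
        return rec["ticket"]
```

The account change is applied only when `verify` returns the ticket id, so access to the support inbox alone is not enough to push a change through.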
We are moving into an era where we need to give users more security, and users need to take advantage of those security options when they are available, or we’ll get more stories like this every day.