I use GoDaddy.com for a lot of my domains, both for domain registration and hosting, so this story doesn’t give me the warm & fuzzy feeling I’d like from a domain registration company. But nevertheless, it reminds us that we should change our passwords regularly and make sure that they are strong. And it also reminds us that, no matter how secure the technology is, hackers can get by via some social engineering, by basically calling up some gullible or careless tech support person, pretending that they’re you, and getting tech support to divulge personal information about you without doing a little background check.
Updates to this story can be found here.
We can now confirm that the attacker in fact got the access details through Gmail and set up a forward filter to send incoming emails from GoDaddy to another Gmail account. Now the account had a strong, approximately 15-character-long password. How the hell did he manage to get in? Is it another Gmail Security Flaw? … Aibek]
Now it turns out that in order to transfer the domain, Ferank (or someone helping him) called up GoDaddy and impersonated Aibek. At that point he already had access to our account (or at least had enough information to recover the username/pass for the account) and basically said “hi, I’m the owner of MakeUseOf.com, please transfer the domain”. GoDaddy then complied.
Good luck to the makeuseof.com folks!