
Blog: Crisis Management


Crisis Management Musts – Protecting Digital Assets

By Jonathan & Erik Bernstein on March 7, 2014

Your social media presence is a valuable commodity; don’t leave it unguarded

We’re at the point where some social media accounts are worth serious dough. Some for the rich communities built around them, some for their brand association, and some simply because they have a unique, hard-to-obtain handle. Because of that, just as we saw in the days when the ‘net in general was really starting to take off, there are virtual pirates looking to take what’s yours and either make it their own or hold it for ransom.

A warning for security slackers

The story of app developer Naoki Hiroshima, owner of the Twitter username @N, should serve as motivation for anyone who’s slacking on their own web security – a critical part of personal crisis management in the digital age. Hiroshima owned the @N account, for which he says he’s been offered as much as $50,000, when a hacker decided to take it for himself. Hiroshima says he began receiving account reset emails from both PayPal and GoDaddy, and through a series of events detailed in his Medium blog, lost control of the GoDaddy account altogether.

In a scary twist, Hiroshima was actually emailed by his attacker, who extorted him into giving up control of the @N Twitter account by threatening to trash the data on the websites which he runs, all registered through GoDaddy. Hiroshima even managed to get directly connected with a GoDaddy exec at some point in the process, but they were unable to help secure his accounts before he felt forced to give up @N.

Even worse, the hacker provided Hiroshima with information about how he took over control of much of his digital life, and, if he’s telling the truth, PayPal and GoDaddy failed miserably in protecting a customer’s data. A quote:

I asked the attacker how my GoDaddy account was compromised and received this response:

From: <swiped@live.com> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello

– I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)

– I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you’d like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)

It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification. When asked about this, the attacker responded with this message:

From: <swiped@live.com> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 20:00:31 -0800
Subject: RE: …hello

Yes paypal told me them over the phone (I was acting as an employee) and godaddy let me “guess” for the first two digits of the card

But guessing 2 digits correctly isn’t that easy, right?

From: <swiped@live.com> SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 20:09:21 -0800
Subject: RE: …hello

I got it in the first call, most agents will just keep trying until they get it

He was lucky that he only had to guess two numbers and was able to do it in a single call. The thing is, GoDaddy allowed him to keep trying until he nailed it. Insane. Sounds like I was dealing with a wannabe Kevin Mitnick—it’s as though companies have yet to learn from Mitnick’s exploits circa 1995.

The bottom line here is that, although many organizations make a big stink about how secure they keep your data, the vast majority are easy prey for anyone with a bit of “dark side” know-how (how-to instructions for tactics like the ones used in this case are readily available through a quick Google search) and a silver tongue. When it comes to protecting digital assets, always assume the burden of protection lies on you.

A happy ending, but not so fast…

There is a happy ending to Hiroshima’s story: likely thanks to the massive amount of publicity his blog post on the hack attracted, he regained control of the @N account over a month after he lost it. If you’re even entertaining the thought that those consequences weren’t really so dire, consider the damage someone who had hold of your Twitter account for a full month could do, not only to your organization but also to your contacts and followers, through things like phishing or malware attacks.

A little more worried now?

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]
