GoDaddy requires 6 digits, but the agent let the attacker guess 2 of them (repeatedly, until he got it right). That's truly awful.

I thought everyone knew not to use GoDaddy after the SOPA incident. Hopefully this will convince more people to move their domains to a domain registrar that cares about its customers.

SOPA was from one person (in-house counsel) and was not and is not the sentiment of c-level management or any employees I've ever talked to.

totally off-topic, but because of the SOPA nonsense I've slowly moved my 40-or-so domains to namecheap during 2013 when their renewals came up. I was otherwise ambivalent about which DNS service/registrar to use before that incident...

but thank you for helping the guy get his twitter account back and fixing up the internal controls.

Sometimes you're forced to use godaddy.

I wanted a domain that had been registered with godaddy, so I needed to backorder it through them, and register it through them.

The attacked got the last 4 from Paypal and Godaddy asked him to guess two more digits.

Guess from a fairly limited set as well, it wasn't all numbers 00-99.

http://en.wikipedia.org/wiki/List_of_Issuer_Identification_N...

Something isn't right. They ask for the 2 digits before the last 4, and then let him guess the first two.

I'm really interested to see godaddy's response to this...I'm sure paypal records their interactions, I would imagine godaddy does as well. Hell, I called Avis about something 2 months later with a dispute and they pulled the recording to make sure I wasn't BS'ing them.