[shiftpgdn]

Sounds like it was just social engineered out of HostMonster. Almost all of the EIG hosts (HostMonster, BlueHost, iPage, HostGator, etc) use awful outsourced support that are only rated on amount of tickets closed/solved. They are very lackadaisical with customer information and verify accounts based on the last four digits of the card used. I'm guessing the "hacker" in this case guessed the last four of the card via livechat or a support ticket and then got in and moved the domain over to GoDaddy.

[chomp]

"I remembered the notification from YouTube that someone had accessed my account from a different location – a notification I had ignored, assuming that I had logged in on a mobile device or that my husband had accidentally logged into my account instead of his own."

All of her accounts were compromised - seems more likely to be malware than social engineering.

Also the hosts you mentioned use in-house support.

[shiftpgdn]

Actually many of their support staff are outsourced through GlowTouch which is an Indian based support firm. It's in the EIGI S1 filing here: http://secfilings.nasdaq.com/filingFrameset.asp?FileName=000...

[chomp]

Yeah, they are in charge of Hostgator India. They have no reach into the US based brands.

Source: I work at one of the aforementioned brands.

[shiftpgdn]

Unless you're in Burlington you probably aren't familiar with the brands you don't work at. Most of them have support provided through GlowTouch. Even HostGator USA has GlowTouch Indians doing transfers and helping in ticket queues.

[Kiro]

Source? You just replied to someone who works there and who specifically said "They have no reach into the US based brands.".