Godaddy’s questionable security was once again exposed over the weekend as fraudsters ‘tricked’ Godaddy employees into transferring domains belonging to Singapore-based cryptocurrency exchange Liquid and several other crypto sites.
This isn’t the first time that GoDaddy, the world’s largest domain registrar, has had its lack of security exposed. Earlier this year in May, GoDaddy revealed that 28,000 of its customers’ web hosting accounts were hacked following a security incident in Oct. 2019 that amazingly wasn’t discovered until April 2020.
Domains Stolen, “Called a Liar by GoDaddy”
DailyInvestNews.com spoke to an owner of one of the sites GoDaddy failed to protect. The hacking victim told DailyInvestNews:
“The first thing I noticed was an email on a Saturday, confirming my domains were transferred. I contacted GoDaddy to explain no authorisation was given and to my surprise and dismay, a very rude and aggressive Godaddy employee told me that because there was two-step verification, it is impossible to transfer the domains – basically calling me a liar.
“After two full weeks of being lied to, treated badly and the the threat of lawyers, eventually the domains were restored, No apology, no recompense and demands for a large sum of money to reveal the identity of the thieves Godaddy allowed to plunder their customers accounts.”
“The news of further hacks just goes to show that Godaddy has serious security issues, along with a real problem with customer service. To be called a liar when suffering the distress of having my sites hacked is unacceptable.”
“Hopefully, Godaddy will admit and fix their serious shortcomings and start treating their customers with more respect.”
Liquid Hack
Liquid CEO Mike Kayamori said in a blog post:
“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,”
“This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”
GoDaddy Refuse to Reveal How Their Employees Were ‘Tricked’
GoDaddy spokesperson Dan Race said.
“Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.”
“We immediately locked down the accounts involved in this incident, reverted any changes that took place to accounts, and assisted affected customers with regaining access to their accounts,” GoDaddy’s statement continued. “As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks.”
Race refused to specify how its employees were ‘tricked’ into making the unauthorized changes, saying the matter was still under investigation.