GoDaddy is once again in the news for all the wrong reasons after employees were tricked into helping hackers take over domains.
This latest attack targeted a number of cryptocurrency services, and relied on “social engineering” to convince GoDaddy employees to hand over control of the target companies’ domain names. Mike Kayamori, CEO of Liquid, described the attack:
On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.
Kayamori said the company believes all client funds and digital wallets are secure, although personal information was compromised, including names, emails and encrypted passwords.
Although there does not appear to be any statement on GoDaddy’s website acknowledging the breach, the company issued a statement to Engadget, confirming that a “limited number” of its employees had fallen for “social engineering” tactics resulting in unauthorized changes to customers accounts and domains.
This is a huge embarrassment for GoDaddy, especially since the company was victim of a similar attack that impacted Escrow.com back in March.