This is a guest post from someone who wishes to remain anonymous. The article discusses how the person’s Go Daddy account was hacked.
—-
So it was a Monday morning a few weeks back – the start of a new workweek. That Monday morning I had a few things on my plate, one of which was to renew a few domain names at Godaddy.com. I have been with Godaddy since the early days – I believe I registered my first name there in 1999. I have an executive account rep and I rarely have any issues with them.
That Monday morning, I tried to log into my account and it seemed as if I may have mistyped my password – I change my password all the time and it was early, maybe 7 am EST, so I figured that I must have just forgotten my password. I submitted the password retrieval request on the site and I received a message telling me that my email address was incorrect. I am a little paranoid, so I immediately believed my account was hacked or at least compromised in some way.
I then called the executive accounts number to find out exactly what was going on. It was 5 am in Gilbert, AZ, where Godaddy is located, but they had a rep there to assist me. This rep was not my account rep, but nonetheless was able to get into my account to inform me that my email had been changed about a half hour earlier and that I pushed one of my domain names to another account. The account rep helped me regain control of my account, I reset all of my passwords, and my 4-digit PIN.
I eventually got the domain name back and put a crazy high security setting on my account – where nothing can happen at all with any domain name unless I get a personal phone call and give an additional special code (a different code than the 4-digit call-in security PIN – a real pain in my ass – but I feel it is necessary now). I was also frantically checking all my other accounts in my life… I was pleasantly surprised that none of my other accounts such as banking, other registrars, PayPal, email addresses, etc. had any issues with hacking – all seemed fine – I still changed all passwords etc. for all my accounts….
I assumed somehow my Godaddy password got compromised and that was all – so no real worries and this was the end of it. At the time the only thing that bugged me was that it seemed Godaddy would not investigate the hacking at all for me and was pretty unhelpful in providing me any info so I could investigate it myself – there was plenty of data Godaddy could use to investigate this hacking, but I was told they did not have access to the information I was asking for. Oh well – I just figured they did not really care as it seemed that everything was back on track for me at this point and the problem was on my end. I thought that was the end of it…no such luck.
Two days later I got my account hacked again – nothing was taken as they could not move or make any changes – this really had me crazy freaked out. I concluded the problem was actually on my end – I have a Mac – but I still had a thorough scan of my computer for malware and/or keylogger apps – found no issues – I wiped it clean anyway – I also purchased powerful security software which I installed. I then changed all my Godaddy passwords, user PIN, etc. again – as I did with all of my other accounts in my life – banking, emails, other registrars, etc. This seemed to do the trick as I stopped having any issues… until this morning.
My account was hacked again – I found out as soon as I woke up around 6:20 am; no other personal accounts such as banking etc. had any issues – just my Godaddy account. The hacker tried to push a few domain names out, but could not as I have the high security settings which require a personal phone call with code (and the code is not online)… I was really just baffled and I immediately called Godaddy as now I was certain the breach was not on my end.
I spent a marathon session with an early morning Godaddy executive account rep and I was not taking “we don’t have access to that info” as an answer… I will say that this account rep seemed to truly care about the problem and was working with me to get to the bottom of it – He was able to look into many of the things I asked him to look into and we did get to the answer.
We realized I had not deleted any of my expired credit cards or old PayPal billing agreements from my account – so I had expired cards and PayPal confirmations dating back to 2000 still associated with my account. In addition to the standard method of giving your 4-digit PIN, Godaddy will allow access to your account with the last 6 digits of any credit card, expired or not – they will additionally give access to your account with the last 4 digits of any PayPal billing agreement code – which is plainly visible to anyone who has access to your Godaddy account or email account.
The hacker was calling into Godaddy and pretending to be me. The hacker seemed to originally be able to access my account by getting ahold of an old/expired credit card number and changed my email address by having the Godaddy rep send the email confirmation to the hacker's designated email address – it appears that Godaddy accepted expired credit card data to allow access into my account without knowing the designated 4-digit PIN (for credit cards on Godaddy – the last 4 digits are visible on the account – but they do require the last 6 digits in lieu of the 4-digit PIN you set).
From there – the hacker gained access to my account and made note of all the entries in my ‘payment methods’ area for PayPal billing transaction codes. Just so you know – when you authorize instant payment from PayPal – you set up a billing authorization – which is kept in your ‘payment methods’ area and most of the transaction number is not visible but the last 4 digits are visible. Godaddy will allow access to your account with those 4 digits from the PayPal transaction billing agreement – which is visible on my account.
In summary – the Godaddy rep was able to tell me that the hacker each time called into Godaddy and gained access to my account by either using an expired credit card number (as they did the 1st time) or the last 4 digits of a PayPal billing agreement code. I deleted 3 dozen old credit card numbers and all the PayPal billing agreements from my account. I believe this has finally secured my account.
It is really troubling to know that everywhere I use my credit card is a potential new breach into my Godaddy account. IMO it is only a matter of time before hackers perfect this breach. I truly hope this is the end of my story on this. My suggestion to everyone is to check your payment methods and delete all the expired credit cards and all your paypal billing agreements.
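The following is an added example, not part of the guest post or any Go Daddy code. It models the phone-support verification the post describes (PIN, or last 6 of any stored card including expired ones, or the visible last 4 of a PayPal billing agreement), an assumed hardened policy in which stored payment-method digits never count as a factor, and the clean-up the post recommends; account, card numbers and agreement id are constructed samples.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class PaymentMethod:
    kind: str                # "card" or "paypal_agreement"
    identifier: str          # constructed sample card number or agreement id
    expires: Optional[date]  # None for PayPal billing agreements

@dataclass
class Account:
    pin: str          # 4-digit call-in PIN chosen by the owner
    phone_code: str   # extra code given only on a callback, never displayed online
    methods: list

def weak_verify(acct, claim):
    """Phone-support check as the post describes it: the PIN, the last 6 of any
    stored card (expired or not) or the last 4 of any PayPal billing agreement
    (visible in the account UI) each grants access on its own."""
    if claim.get("pin") == acct.pin:
        return True
    for m in acct.methods:
        if m.kind == "card" and claim.get("card_last6") == m.identifier[-6:]:
            return True
        if m.kind == "paypal_agreement" and claim.get("agreement_last4") == m.identifier[-4:]:
            return True
    return False

def hardened_verify(acct, claim):
    """Assumed hardened policy (not Go Daddy's): payment-method digits are never a
    factor, since anyone with account or e-mail access can read them; PIN and
    out-of-band phone code are both required."""
    return claim.get("pin") == acct.pin and claim.get("phone_code") == acct.phone_code

def stale_methods(acct, today=None):
    """The clean-up the post recommends: every expired card and every PayPal billing
    agreement still attached to the account."""
    today = today or date.today()
    return [m for m in acct.methods
            if m.kind == "paypal_agreement" or (m.expires and m.expires < today)]

# Constructed sample account: one live card, one long-expired card, one PayPal agreement.
SAMPLE = Account(pin="4821", phone_code="K7Q2-MX", methods=[
    PaymentMethod("card", "4111111111110263", date(2030, 1, 31)),
    PaymentMethod("card", "5500000000009987", date(2004, 6, 30)),
    PaymentMethod("paypal_agreement", "B-7XY12345AB670", None),
])
# Impostors knowing only the expired card's last 6 or the agreement's visible last 4; the real owner.
IMPOSTOR_CARD = {"card_last6": "009987"}
IMPOSTOR_PAYPAL = {"agreement_last4": "B670"}
OWNER = {"pin": "4821", "phone_code": "K7Q2-MX"}
```

Under the weak policy both impostors pass; under the hardened policy only the owner does, and `stale_methods` lists exactly the entries the post says to delete.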