Yesterday evening, I received a text message from a colleague asking me if I had seen the Escrow.com website. I had opened a transaction a few hours earlier, and I did no I then did a hard refresh, and I saw that the homepage had been seemingly taken down and there was a message in plain text across the top of the website. I reached out to Escrow.com and was told they were working to resolve the issue, and that it did not involve any unauthorized access to internal data.
I visited Escrow.com this morning, and it appears that the website is up and running. I followed up with a couple of emails this morning asking for more details about what happened and if any internal data or account information was compromised. Jackson Elsegood, General Manager of Escrow.com, just replied to me with a link to a statement about the issue from Freelancer.com CEO Matt Barrie (Freelancer.com owns Escrow.com):
Sydney, March 31st 2020
At 5:07pm PST today, hackers got access to our domain registry account for the Escrow.com domain through a breach of our domain registrar’s systems.
Our team immediately learned of the situation and within minutes were working with the registrar to regain access to the account. We regained control of DNS by approximately 7:00pm PST.
During the incident the hackers changed the DNS records for Escrow.com to point to a third-party web server that displayed the following message:
We wish to make clear that:
- No Escrow.com systems were compromised.
- The registry account solely contained Escrow.com owned domains.
- No accounts holding customer domains were compromised.
- No customer data was accessed.
- No customer funds were accessed or at risk.
During the incident, our security team managed to talk to the hacker on the phone. For over an hour the hacker attempted to convince what he thought were domain registry operations to regain access to the account.
During this phone call, our security team learned that the route of entry was that the hacker had unlawfully accessed our registrar’s internal support systems and was using them to make changes on Escrow.com’s account.
Over the coming days, we will be discussing the experience publicly to educate the wider community on these hacking and social engineering techniques.
We wish to thank the domain registrar for their speed and coordination with us in resolving this matter.
Regards,
Matt Barrie
Chief Executive
Escrow.com
Update: GoDaddy has issued a statement in response to this.