Escrow.com Statement on “Security Incident”


Yesterday evening, I received a text message from a colleague asking me if I had seen the Escrow.com website. I had opened a transaction a few hours earlier, and I did no I then did a hard refresh, and I saw that the homepage had been seemingly taken down and there was a message in plain text across the top of the website. I reached out to Escrow.com and was told they were working to resolve the issue, and that it did not involve any unauthorized access to internal data.

I visited Escrow.com this morning, and it appears that the website is up and running. I followed up with a couple of emails this morning asking for more details about what happened and if any internal data or account information was compromised. Jackson Elsegood, General Manager of Escrow.com, just replied to me with a link to a statement about the issue from Freelancer.com CEO Matt Barrie (Freelancer.com owns Escrow.com):

Sydney, March 31st 2020

Dear Customers:

At 5:07pm PST today, hackers got access to our domain registry account for the Escrow.com domain through a breach of our domain registrar’s systems.

Our team immediately learned of the situation and within minutes were working with the registrar to regain access to the account. We regained control of DNS by approximately 7:00pm PST.

During the incident the hackers changed the DNS records for Escrow.com to point to a third party web server that displayed the following message:

Escrow Security Incident

We wish to make clear that:

  • No Escrow.com systems were compromised.
  • The registry account solely contained Escrow.com owned domains.
  • No accounts holding customer domains were compromised.
  • No customer data was accessed.
  • No customer funds were accessed or at risk.

During the incident, our security team managed to talk to the hacker on the phone. For over an hour the hacker attempted to convince what he thought were domain registry operations to regain access to the account.

During this phone call, our security team learned that the route of entry was that the hacker had unlawfully accessed our registrar’s internal support systems and was using them to make changes on Escrow.com’s account.

Over the coming days, we will be discussing the experience publicly to educate the wider community on these hacking and social engineering techniques.

We wish to thank the domain registrar for their speed and coordination with us in resolving this matter.

Regards,

Matt Barrie
Chief Executive
Escrow.com

Update: GoDaddy has issued a statement in response to this.

17 COMMENTS

  1. I got an email from Marriott International that

    Dear Valued Guest,
    We are writing to let you know that some of your information may have been accessed without authorization.

    oh well….

    That's what happens when lots of people are working remotely…

  2. This is exactly why you should care whether or not your escrow agent is also a registrar. It is classic counter-party risk. If domains go missing, whose fault would it have been? You should also care a lot whether the escrow agent will certify a transaction protecting buyer or seller against future clawbacks.

      • That *fallacious* conversation about being “licensed” was already completed 1,000 miles ago, in case anyone recalls. And I even pointed out personally that probably no one who comments in these blogs has as much real world professional experience addressing the “licensing” requirements of other businesses as I do – if even one person has any such experience at all. It’s nonsense. I will never use escrow.com again either to buy or sell if I can help it even if their stack of “licenses” could reach the sky, don’t want to, and would *much* rather use Epik than escrow.com a 1,000 times over.

        • “I will never use escrow.com again . . . ”

          Serious question John: Why? Their ID-verification requirements? Something else?

          • After the ownership change and loss of the golden era of Brandon Abbey, I encountered a strange and unprecedented problem relating to one of the most basic things any online account entails. Till then I had been doing something normal people need to do a million times over. It’s the kind of thing that should not even have been happening, and is a no-brainer the size of an elephant. Instead of fixing the problem, the experience with support was a kafkaesque nightmare. The whole thing went on for a long time, was very insulting, and to my knowledge was never even fixed. Maybe it was eventually fixed, since it’s the kind of thing that would cause problems for people, but after all that I never even bothered to check anymore.

            Anyone ever dealt with “RegisterFly” in bygone years? It was even worse than the worst experience there, because they didn’t even pretend to be doing the right thing.

            That alone was enough to make me not want to use them anymore, but then the new verification requirements that emerged are a deal breaker all by themselves.

  3. That's why I nominated Rob at Epik the best registrar.

    We might agree or/and disagree with him but that's not the point.
    The point is he is the face behind his company and he is always contributing to the domain community. We know where he lives, what he eats and what he likes….so tell me do other CEOs or other owners of the other registrars you know do that?
    Rob at Epik is the only one that is here for us…. and he gives excellent customer service!
