GoDaddy Employee “Fell Victim to a Spear-fishing or Social Engineering Attack”

Earlier today, I published an article about a reported “security incident” involving Escrow.com. In the statement outlining what happened, Escrow.com wrote, “hackers got access to our domain registry account for the Escrow.com domain through a breach of our domain registrar’s systems.” I emphasized the last part of the statement because it seems to lay the blame on the company’s domain registrar rather than on an Escrow.com employee or agent.

A Whois search reveals that the Escrow.com domain name is registered at GoDaddy. I reached out to GoDaddy representatives to see if they could shed some light on this incident. A company representative sent me an email this evening, and it would appear that the issue impacted a handful of customers (who have all been notified). Here’s what I was told by GoDaddy:

On March 30, we were alerted to a security incident involving the redirection of a customer’s domain name. Our team investigated and found an internal employee account triggered the change. We conducted a thorough audit on that employee account and confirmed there were five other customer accounts potentially impacted.

We immediately locked down the impacted accounts involved in this incident to prevent further changes. Any actions done by the threat actor have been reverted and the impacted customers have been notified.

The employee involved in this incident fell victim to a spear-fishing or social engineering attack. We have taken steps across our technology, processes and employee education, to help prevent these types of attacks in the future.

We apologize for any inconvenience this may have caused.

One thing that remains concerning for me is that it would appear GoDaddy learned of this incident when they were notified by Escrow.com (“we were alerted”). Had the person who had access to a GoDaddy employee account not done something as obvious as taking down the Escrow.com homepage, I wonder if any further damage could have been done and gone undetected. For instance, it would be concerning if domain name account changes, nameserver changes, or even transfer approvals could have been done.

Like many companies, most, if not all, GoDaddy employees are working from home during the coronavirus outbreak. I wonder if this may have played a role in gaining access to the employee account.

Although GoDaddy has reported that this is under control, I would advise people to reach out to GoDaddy right away if they notice something strange with their accounts. I don’t know how much of a role it would play, but I recommend enabling two-factor authentication (perhaps via YubiKey) and DTVS security on GoDaddy accounts.

Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals.

9 COMMENTS

  1. GoDaddy is not to be trusted with domains!!!
    Did the guy really say “spear-fishing”????!!!!
    How can you trust a registrar with your valuable business domain when their representative doesn’t even know the difference between spear-fishing and spear-phishing???!!!

  2. A Van Gogh got stolen, so museums can’t be trusted.
    Banks get robbed around the world, so banks can’t be trusted.
    GoDaddy, out of 50 million domains under management, has an issue and can’t be trusted.
    If a house is robbed that uses ADT alarms, then the company can’t be trusted.
    I suggest you take your belongings, money and domains and bury them in your backyard, make sure nobody sees you.
    GD market cap almost 10 billion, somebody trusts them, hahahaha

    Easy……you get an idea of people by their comments

  3. It could’ve happened to just any registrar, not only GD. Anything coded can be decoded. No one is insured.

    Measures should be implemented covering all aspects:
    technical; organizational; legal.

    In most cases of security breaches, the organizational factor has proved time and again to be the weakest link – like an employee clicking link-bait to a phishing site out of stupid curiosity.
