GoDaddy Employee “Fell Victim to a Spear-fishing or Social Engineering Attack”

Earlier today, I published an article about a reported “security incident” involving In the statement outlining what happened, wrote, “hackers got access to our domain registry account for the domain through a breach of our domain registrar’s systems.” I emphasized the last part of the statement because it seems to lay the blame on the company’s domain registrar rather than the fault of an employee or agent.

A Whois search reveals that the domain name is registered at GoDaddy. I reached out to GoDaddy representatives to see if they could shed some light on this incident. A company representative sent me an email this evening, and it would appear that the issue impacted a handful of customers (who have all been notified). Here’s what I was told by GoDaddy:

On March 30, we were alerted to a security incident involving the redirection of a customer’s domain name. Our team investigated and found an internal employee account triggered the change. We conducted a thorough audit on that employee account and confirmed there were five other customer accounts potentially impacted.

We immediately locked down the impacted accounts involved in this incident to prevent further changes.   Any actions done by the threat actor have been reverted and the impacted customers have been notified.

The employee involved in this incident fell victim to a spear-fishing or social engineering attack. We have taken steps across our technology, processes and employee education, to help prevent these types of attacks in the future.

We apologize for any inconvenience this may have caused.

One thing that remains concerning for me is that it would appear GoDaddy learned of this incident when they were notified by (“we were alerted“). Had the person who had access to a GoDaddy employee account not have done something as obvious as taking down the homepage, I wonder if any further damage could have been done and gone undetected. For instance, it would be concerning if domain name account changes, nameserver changes, or even transfer approvals could have been done.

Like many companies, most, if not all GoDaddy employees are working from home during the coronavirus outbreak. I wonder if this may have played a role in gaining access to the employee account.

Although GoDaddy has reported that this is under control, I would advise people to reach out to GoDaddy right away if they notice something strange with their accounts. I don’t know how much of a role it would play, but I recommend enabling two factor authentication (perhaps via Yubikey) and DTVS security on GoDaddy accounts.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn


  1. Godaddy is not to be trusted with domains!!!
    Did the guy really say “spear-fishing”????!!!!
    How can you trust a registrar with your valuable business domain when their representative doesn’t even know the difference between spear-fishing and spear-phishing???!!!

  2. A Van Gogh got stolen, so Museums can’t be trust
    Banks get robbed around the World, so banks can’t be trusted.
    Go Daddy out of 50 million domains under management has an issue and can’t be trusted
    If a house is robbed that uses ADT alarms, than the company can’t be trusted.
    I suggest take your belongings, money and domains and bury them in your backyard, make sure
    nobody sees you.
    GD Market cap almost 10Billion somebody trusts them, hahahaha

    Easy……you get an idea of people by their comments

  3. It could’ve happened to just any registrar, not only GD. Anything coded can be decoded. No one is insured.

    Measures should be implemented covering all aspects:
    technical; organizational; legal.

    In most cases of security breaches, the organizational factor has proved time and again to be the weakest link – like employee clicking link-bait to phishing site out of stupid curiosity.


Please enter your comment!
Please enter your name here

Recent Posts

.Bet Domain Name Acquired for 5 Figures, Reportedly Resold for $600k

According to a tweet from Identity Digital (formerly Donuts), the domain name reportedly sold for $600,000. I have not verified or researched the...

Finalize a Deal by Connecting on LinkedIn

When I agree to a negotiated deal on a platform like Dan or Sedo, I have always held the expectation that the payment will...

Google Ads Selects Squadhelp for Case Study

If you have visited a Squadhelp landing page, chances are good that you have seen their advertising when you visit other websites that have...

Reliance is “More than Metal” Following Upgrade

Reliance Steel & Aluminum Co. has existed as a business for more than 80 years and is publicly traded under the RS ticker symbol...

What to do with an Unused Domain Name

A person who has long owned a 3 letter .com domain name reached out to me to try and sell it. It's a nice...