How to Protect Your Domain Investments After the Equifax Breach

The Equifax security breach has an estimated 143 million Americans facing the serious threat of identify theft and has triggered a rush for consumers and business owners alike to protect themselves and their livelihoods.

When major hacks occur, individual account information can end up in the hands of bad actors who may attempt to use that information to access bank and credit card accounts, as well as other investments, including domain names. As a domain name investor who’s been building up a portfolio over time, how can you make sure your digital investments remain secure and avoid any potentially unverified domain name transfers due to the breach?

First, you’ll need to secure your identity by setting up a credit monitoring service, and even freezing credit temporarily, to prevent bad actors from taking over your identity with leaked or hacked sensitive information. If you are researching a security breach, be careful what sites you click on as many phishing pages have popped up to attempt to collect information from people trying to find out if their personal data was leaked. The official website for information on the Equifax breach is

If you find out someone has stolen your identity, contact our customer team immediately. Let them know to not authorize any account changes over the phone during this time.

Next, you’ll want to take the proper precautions for your online accounts. Setting up two-factor authentication for your registrar and registry accounts is an easy way to safeguard your accounts from potential hacking. Texting or phone calls are the best forms for your second-factor of authentication because hackers are unlikely to have access to your cell phone, unlike information that could be leaked like your driver’s license number or the name of your hometown. GoDaddy does not use birth dates, Social Security Numbers or security questions for its two-factor authentication process as part of its policy to protect customers. Additionally, it’s a good idea to keep all your account information, specifically your email address and phone number, up to date across registrars and registries. Be sure to turn off any filters that send emails from GoDaddy or other registrars to the junk folder to ensure you receive notifications of any unauthorized account changes or transfer requests.

A general best practice for domain investors is to print or screengrab a list of all owned domains, including a timestamp. This proves that domains were owned at a certain time, making them useful evidence should anyone attempt an unlawful domain transfer. This list can help you recover your domains if the previous steps didn’t stop an attacker. GoDaddy and  other registrars have longstanding systems in place to help customers protect their domain investments against bad actors.

To protect against targeted attacks, set up WHOIS privacy on your domains – this will keep hackers from matching your domain name registration with personal information and accessing additional details, if any are leaked. GoDaddy offers Domain Privacy which masks your personal information and true email address in the WHOIS Directory and deters domain hijackers. Bad actors won’t know who to impersonate if you’ve established WHOIS privacy on your domain names.

GoDaddy also offers a service called Domain Transfer Validation Service (DTVS) as part of our Privacy and Business Protection. Normally in place for domain investors who are buying and selling regularly, this service requires the seller to provide their account’s unique PIN over the phone to a GoDaddy account executive before the domain name can be transferred to a buyer. This additional step before domain name ownership changes hands helps prevent domain name theft. Even in the wake of a massive security breach, such as the Equifax hack, your unique PIN wouldn’t be included in the leaked personal data, as it’s unique to your GoDaddy account.

Finally, there is no substitute for vigilance on the domain name owners part. Keep your account information up to date to keep domain hijackers at bay. The best way to protect your domains is to protect your personal information through proactive monitoring and preventative tools.


  1. Thank you for this useful information.

    I have mixed feelings about privacy. I want to keep scammers and hackers away, but I fear it might make it difficult to prove that I was indeed the owner of the domain at that point in time if Whois records only show the proxy information.

    If you have DTVS, is it still advisable to have privacy as well?

  2. Michael…

    Having DTVS is an additional layer of security in addition to Privacy. You do not have to have Privacy to have DTVS. When any domain transfers out of my Godaddy account, the account executive gives me a call to verify the transfer/change. With or without privacy.

    Hope that helps.

Leave a Reply

Recent Posts Announces 2023 Master of Domains

During the NamesCon conference today, announced its Master of Domains winners. The annual award celebrates "the highest grossing domain name brokers for deals...

How to Buy a Domain Name That is Owned by Someone

For a domain investor, buying a domain name is second nature. Investors hand register domain names, purchase domain names via expiry and private auctions,...

My 2023 Domain Industry PMC Jersey

For a number of years, I have created a domain industry Pan-Mass Challenge jersey to raise funds for Dana-Farber Cancer Institute. Many domain industry... Profitably Resold for 8 Figures

In March of this year, I reported on the sale of The domain name was acquired by HubSpot Co-Founder Dharmesh Shah for more...

First Look at my 2023 Domain Industry PMC Jersey

This August, I will be riding in my 10th Pan-Mass Challenge ride to raise funds for Dana-Farber Cancer Institute. I will be riding...