The Equifax security breach has an estimated 143 million Americans facing the serious threat of identify theft and has triggered a rush for consumers and business owners alike to protect themselves and their livelihoods.
When major hacks occur, individual account information can end up in the hands of bad actors who may attempt to use that information to access bank and credit card accounts, as well as other investments, including domain names. As a domain name investor who’s been building up a portfolio over time, how can you make sure your digital investments remain secure and avoid any potentially unverified domain name transfers due to the breach?
First, you’ll need to secure your identity by setting up a credit monitoring service, and even freezing credit temporarily, to prevent bad actors from taking over your identity with leaked or hacked sensitive information. If you are researching a security breach, be careful what sites you click on as many phishing pages have popped up to attempt to collect information from people trying to find out if their personal data was leaked. The official website for information on the Equifax breach is equifaxsecurity2017.com.
If you find out someone has stolen your identity, contact our customer team immediately. Let them know to not authorize any account changes over the phone during this time.
Next, you’ll want to take the proper precautions for your online accounts. Setting up two-factor authentication for your registrar and registry accounts is an easy way to safeguard your accounts from potential hacking. Texting or phone calls are the best forms for your second-factor of authentication because hackers are unlikely to have access to your cell phone, unlike information that could be leaked like your driver’s license number or the name of your hometown. GoDaddy does not use birth dates, Social Security Numbers or security questions for its two-factor authentication process as part of its policy to protect customers. Additionally, it’s a good idea to keep all your account information, specifically your email address and phone number, up to date across registrars and registries. Be sure to turn off any filters that send emails from GoDaddy or other registrars to the junk folder to ensure you receive notifications of any unauthorized account changes or transfer requests.
A general best practice for domain investors is to print or screengrab a list of all owned domains, including a timestamp. This proves that domains were owned at a certain time, making them useful evidence should anyone attempt an unlawful domain transfer. This list can help you recover your domains if the previous steps didn’t stop an attacker. GoDaddy and other registrars have longstanding systems in place to help customers protect their domain investments against bad actors.
To protect against targeted attacks, set up WHOIS privacy on your domains – this will keep hackers from matching your domain name registration with personal information and accessing additional details, if any are leaked. GoDaddy offers Domain Privacy which masks your personal information and true email address in the WHOIS Directory and deters domain hijackers. Bad actors won’t know who to impersonate if you’ve established WHOIS privacy on your domain names.
GoDaddy also offers a service called Domain Transfer Validation Service (DTVS) as part of our Privacy and Business Protection. Normally in place for domain investors who are buying and selling regularly, this service requires the seller to provide their account’s unique PIN over the phone to a GoDaddy account executive before the domain name can be transferred to a buyer. This additional step before domain name ownership changes hands helps prevent domain name theft. Even in the wake of a massive security breach, such as the Equifax hack, your unique PIN wouldn’t be included in the leaked personal data, as it’s unique to your GoDaddy account.
Finally, there is no substitute for vigilance on the domain name owners part. Keep your account information up to date to keep domain hijackers at bay. The best way to protect your domains is to protect your personal information through proactive monitoring and preventative tools.