According to an article published by KrebsOnSecurity, hackers had unauthorized access to GoDaddy customer accounts for three years, between October 2016 and April 2019. During that time, the attackers were able to modify and steal customers' domain name records, which could have allowed them to take over websites, intercept email messages, and more.
The attackers reportedly used social engineering techniques to trick GoDaddy employees into giving them access to customer accounts. They then used that access to add or remove email addresses and modify domain name system (DNS) settings, effectively taking control of the domains.
GoDaddy confirmed the breach, but stated that the number of affected accounts was very small, and that the company had notified and assisted the affected customers. However, KrebsOnSecurity reported that it had spoken to several affected customers who were unaware of the breach until they were contacted by the news outlet.
The incident serves as a reminder that even large companies like GoDaddy can be vulnerable to attacks, and highlights the importance of strong security measures such as two-factor authentication and employee training to prevent social engineering attacks. It also underscores the need for customers to regularly monitor their accounts for suspicious activity and to promptly report any unauthorized access to their service providers.
Comments
Post a Comment