How were GoDaddy customers and employees hacked?

Data security course specialists from the firm KrebsOnSecurity revealed a recent phishing attack that tricked a customer service employee from, the world’s leading domain name registration provider.

Through this attack, threat actors managed to access and modify customer records, changing the domain settings of at least a dozen clients on the platform, including the popular trading site, whose interface was modified to display an out-of-context message.

Data security course specialist Elliot Silver was informed of this unusual activity through a statement from Matt Barrie, CEO of the transaction platform: “During the attack, malicious hackers modified the DNS records of to point to a web server controlled by unidentified third parties”.

By performing a reverse DNS lookup at address, researchers discovered that it is linked to fewer than a dozen domains, including a domain registered just 12 days ago that invokes the registrar name: When you load that domain in a browser, the same text that appeared Monday night in is revealed, data security course experts detailed.

Everything indicated that someone had been the victim of a phishing attack, as the platform's executives said that the hackers were able to access messages and notes backed up in their GoDaddy account, which only the company’s employees could have accessed.

The researchers later discovered that threat actors had access to this sensitive information, which they used to deceive GoDaddy staff into making the desired changes.

GoDaddy acknowledged that on March 30, they received an alert related to a security incident involving a customer’s domain name. An investigation revealed that one GoDaddy employee was the victim of a phishing attack and that five other accounts may have been compromised, although their names were not revealed.

While there is no way to prevent phishing attacks 100% of the time, the International Institute of Cyber Security (IICS) notes that there are some methods to identify and prevent such attacks, such as two-factor authentication (2FA), password reset and user awareness.