GoDaddy employees accidentally help hackers redirect emails and traffic of cryptocurrency websites

Share to friends

Employees of GoDaddy, the world’s largest domain name registrar, accidentally helped hackers last week to redirect emails and web traffic of some targeted cryptocurrency websites, Krebs on Security reported.

Two of the affected websites Liquid and NiceHash, confirmed the separate attacks which reportedly happened in just few days apart.

“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Liquid CEO Mike Kayamori said in a blog post.

“This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage,” Kayamori added.

In NiceHash’s case, it discovered in the early hours of Nov. 18 Central European Time (CET), that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site.

READ ALSO  Pornhub accused of hosting videos of rape and child abuse

NiceHash froze all customer funds for about 24 hours until it was able to change back its domain settings to their original settings.

“At this moment in time, it looks like no emails, passwords, or any personal data were accessed, but we do suggest resetting your password and activate 2FA security,” the company wrote in a blog post.

Luckily, no personal info or other compromising data was stolen.

“We detected this almost immediately [and] started to mitigate [the] attack,” NiceHash founder Matjaz Skorjanc reportedly said. “Luckily, we fought them off well and they did not gain access to any important service. Nothing was stolen,” he added.

READ ALSO  Russia accuses Facebook and Google of interfering in its elections

When contacted by KrebsOnSecurity, GoDaddy acknowledged the attack, but did not provide details about how its employees were deceived by the hackers. They said the matter is still under investigation.

“Separately, and unrelated to the outage, a routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information,” GoDaddy spokesperson Dan Race told KrebsOnSecurity.

“Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees,” she said.

“We immediately locked down the accounts involved in this incident, reverted any changes that took place to accounts, and assisted affected customers with regaining access to their accounts,” GoDaddy’s statement continued. “As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks.”

READ ALSO  Former president Trump is reportedly building his own social media network that will go live within months

The incident is the latest cyber attack on GoDaddy where hackers regularly try to trick the employees into transferring ownership and/or control of targeted domains to them.

Back in March, GoDaddy suffered a large phishing scam. Several targeted domains came under hacker control. A voice phishing scam targeting GoDaddy support employees allowed the hackers to assume control over at least a half-dozen domain names, including transaction brokering site

Also in May, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. 2019 that wasn’t discovered until April 2020.

To website owners, it is a good idea to always set up a two-factor authentication to protect your data.

Twitter hires famous hacker to secure its platform