GoDaddy authentication vulnerability exploited for phishing campaigns

A security researcher has discovered a vulnerability in GoDaddy.com that affects the way it handles domain name server (DNS) change requests, allowing hackers to hijack domains.

The vulnerability allowed any user to add a domain to their account without any validation that they actually owned the domain. The researcher estimates that GoDaddy’s authentication weakness left more than 553,000 domains vulnerable to hijacking. 

This same weakness is also believed to have affected other major internet service providers and to have led to phishing and malware attacks.

The weakness allegedly made high-profile scams possible, including a US bomb threat hoax and a sextortion email campaign from 2018. 

The NCSC suggests that 2-factor authentication be enabled on all DNS hosting accounts, and that passwords are not easily guessed and not re-used across services.

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
