GoDaddy authentication vulnerability exploited for phishing campaigns

A security researcher has discovered a vulnerability with GoDaddy.com which impacts the way it handles domain name server (DNS) change requests, allowing hackers to hijack domains. 

The vulnerability allowed any user to add a domain to their account without any validation that they actually owned the domain. The researcher estimates that GoDaddy’s authentication weakness left more than 553,000 domains vulnerable to hijacking. 

This same weakness is also believed to have affected other major internet service providers and leading to phishing and malware attacks. 

The weakness allegedly made high-profile scams possible, including a US bomb threat hoax and a sextortion email campaign from 2018. 

The NCSC suggests that 2-factor authentication is enabled in all DNS hosting accounts, and the passwords are not easily guessed, and not re-used across services.

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.