I just read recently that domain registrar Go Daddy repelled a computer attack. Whoever pulled it off seemed to have compromised some of Go Daddy’s clients’ accounts.

Unless I misunderstood something, the part that rather bothered me is the attacker appeared to have gained access to certain information in Go Daddy’s systems itself. It was blogged that someone found a vulnerability and exploited it.

I read that among the information peeked into were some names, physical addresses and customer IDs. Fortunately passwords weren’t compromised, and Go Daddy locked all affected accounts.

Go Daddy CIO Neil Warner was quoted as having partially said:

“As a precaution, we’ve locked all of those customers’ accounts. We started contacting the customers by phone, and are sending an e-mail if we haven’t reached them by phone.”

An interesting bit from Warner indicated the attack appeared to have originated within the United States itself. There’s always the possibility computers used to wreak havoc could’ve been compromised by offshore hackers, but it’s hard to say unless Go Daddy can give more so-called juicy details on the computer assault.

So far, I haven’t found anyone else “complaining” online of having their domain name hijacked. I saw one in a forum already asking help how to gain access to their locked account, but it seems it’s because he or she’s outside the U.S. and isn’t exactly english-fluent.

At any rate, Warner said they’re gathering their data on the attack and forwarding it to legal authorities. Hope they’ll catch the perpetrator if indeed he or she is U.S.-based.

If anything, this goes to show that no one’s completely immune. Registrars catering to end users are always at risk of that, but many of them do make efforts to ensure that either doesn’t happen or keeps damage to the barest minimum.

Hat tip to DomainNameWire.

Popularity: 37% [?]