Hacker defaces Escrow.com by hacking GoDaddy employee’s account

A GoDaddy employee fell for a phishing scam, after which the stolen credentials were used to conduct DNS hijacking.


Just a few days ago, a GoDaddy employee fell victim to a spear-phishing attack that compromised their company account. The attacker used that access to reach certain customer records and to manipulate, on a wide scale, the settings of the domain names those records contained.


These settings include the domain name servers of notable domain names such as Escrow.com, an online brokering service for a range of items. GoDaddy further stated that five other customer accounts were “potentially affected” but did not specify the total number of domains within those accounts.

The attack on Escrow.com surfaced at 5:07 PM PST on the 31st of March – a Monday – when the site’s homepage was found to be defaced and replaced with the message shown in the picture below.



This happened because the perpetrator replaced the domain’s DNS records, pointing them away from the legitimate server and at their own malicious one. Specifically, the newly pointed IP address was 111.90.149[.]49, located in Malaysia.
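The defensive lesson of this incident is that a registrar-account takeover shows up as a change in a domain’s published NS and A records, which can be caught by comparing live answers against a known-good baseline. The following script is an added example, not code from the article or from GoDaddy or Escrow.com; the domain, name servers and IP addresses in it are constructed placeholders from documentation ranges, and the hijacked observation is embedded inline so the check runs offline.

```python
"""Baseline drift check for DNS hijacking.

Compares an observed set of NS/A records for a domain against a known-good
baseline and reports what is missing and what is unexpected, then flags any
unexpected A-record IPs that fall outside the address ranges you control.
Added example; not code from the article.
"""
import ipaddress
import socket
from dataclasses import dataclass

# Hypothetical baseline for a domain you operate. All values are constructed
# placeholders (RFC 5737 / .test names), not Escrow.com's real records.
BASELINE = {
    "example-escrow.test": {
        "NS": {"ns1.example-dns.test", "ns2.example-dns.test"},
        "A": {"198.51.100.10"},
    },
}


@dataclass
class Drift:
    domain: str
    rtype: str
    missing: set     # expected by the baseline but not observed
    unexpected: set  # observed but absent from the baseline


def compare_records(domain, baseline, observed):
    """Return one Drift per record type whose observed set differs from the
    baseline. `observed` has the same shape as baseline[domain]."""
    drifts = []
    for rtype, expected in baseline[domain].items():
        seen = set(observed.get(rtype, set()))
        if seen != expected:
            drifts.append(Drift(domain, rtype, expected - seen, seen - expected))
    return drifts


def unexpected_ips(drifts, allowed_networks):
    """Return unexpected A-record IPs that lie outside the allowed networks
    (e.g. your own hosting or CDN ranges). An address outside every allowed
    range is the strongest signal that traffic is being redirected."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    flagged = set()
    for d in drifts:
        if d.rtype != "A":
            continue
        for ip in d.unexpected:
            addr = ipaddress.ip_address(ip)
            if not any(addr in n for n in nets):
                flagged.add(ip)
    return flagged


def live_observation(domain):
    """Fetch the current A records through the system resolver. NS records
    need a DNS library, so only A is observed here. Not used by the offline
    demo below."""
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET)
    except socket.gaierror:
        return {"A": set()}
    return {"A": {info[4][0] for info in infos}}


# Constructed observation simulating a hijack: both the delegated name servers
# and the web server address have been replaced.
HIJACKED_OBSERVATION = {
    "NS": {"ns1.attacker-dns.test", "ns2.attacker-dns.test"},
    "A": {"203.0.113.77"},
}


def demo():
    """Run the check against the constructed hijacked observation."""
    drifts = compare_records("example-escrow.test", BASELINE, HIJACKED_OBSERVATION)
    flagged = unexpected_ips(drifts, ["198.51.100.0/24"])
    return drifts, flagged


if __name__ == "__main__":
    drifts, flagged = demo()
    for d in drifts:
        print(f"{d.domain} {d.rtype}: missing={sorted(d.missing)} "
              f"unexpected={sorted(d.unexpected)}")
    print("A records outside allowed networks:", sorted(flagged))
```

In production the observation would come from several vantage points (the authoritative servers and a few public resolvers) and the check would run on a schedule, so a registrar-side change is noticed within minutes rather than when a customer reports a defaced homepage; NS drift in particular deserves a paging alert, because it means the resolution path itself has been taken over.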


Elliot Silver from DomainInvesting immediately got in touch with Escrow.com’s team, who reported that no data had been compromised and that they were investigating. The issue was fixed later that evening, by 7 PM PST, within a couple of hours.

