Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site escrow.com.


Escrow.com helps people safely broker all sorts of transactions online (ironically enough, brokering domain sales is a big part of its business). For about two hours starting around 5 p.m. PT Monday evening, Escrow.com’s website looked radically different: Its homepage was replaced with a crude message in plain text:



The profanity-laced message left behind by whoever briefly hijacked the DNS records for escrow.com. Image: Escrow.com



DomainInvesting.com’s Elliot Silver picked up on the change and got a statement from Matt Barrie, the CEO of freelancer.com, which owns escrow.com.


“During the incident, the hackers changed the DNS records for Escrow.com to point to a third party web server,” Barrie wrote, noting that his security team managed to talk to the hacker responsible for the hijack via telephone.


Barrie said escrow.com would be sharing more details about the incident in the coming days, but he emphasized that no escrow.com systems were compromised, and no customer data, funds or domains were compromised.


KrebsOnSecurity reached out to Barrie and escrow.com with some follow-up questions, a ..
