NameSilo
 24:19:20:56 

Afternic just notified me of a breach

Labeled as security in Domain Industry News, started by Mister Funsky, Feb 22, 2021

Replies:
60
Views:
3,443

  1. Peak.Domains

    Peak.Domains Top Contributor VIP

    Posts:
    1,025
    Likes Received:
    2,209
    It feels like Afternic is held together with threads, scrap metal, and glue.
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. MHExplorer

    MHExplorer Established Member

    Posts:
    103
    Likes Received:
    96
    Is it justified that they don't allow us to remove our payout information/bank information from our account ? What is the solution for that now ?
     
  3. Mister Funsky

    Mister Funsky Top Contributor VIP

    Posts:
    5,046
    Likes Received:
    18,933
    Thank you for sharing your discovery and it is good to hear they took care of it quickly...no telling how far things might have gone had it remained.
     
  4. suitedbrand

    suitedbrand Established Member

    Posts:
    17
    Likes Received:
    38
    I don't think bank details were affected, they seem to be using a third party to collect the details.

    I entered my bank details many times and already received a payout. However, on the dashboard, I continue to be prompted to provide my payment details.
     
  5. LoodeX

    LoodeX Restricted (15-30%)

    Posts:
    1,428
    Likes Received:
    896
    Ditto Pokémon ....
     
  6. ReallyBigIdea.com

    ReallyBigIdea.com Established Member

    Posts:
    441
    Likes Received:
    352
  7. DigitalRoar

    DigitalRoar Investor & Creator VIP Gold Account

    Posts:
    1,675
    Likes Received:
    1,547
    I don't think I did, and if I did, I probably deleted it among the mass of spam including fAsT TraNSfER OpT-In emails because their software is that of a broken microwave.

    I have now removed all my domains from Afternic.
     
  8. topdom

    topdom Top Contributor VIP

    Posts:
    1,297
    Likes Received:
    1,107

    What exactly did he say?
     
  9. topdom

    topdom Top Contributor VIP

    Posts:
    1,297
    Likes Received:
    1,107
    Maybe they sold some users' data, and now inventing an excuse.
     
  10. The Durfer

    The Durfer Top Contributor VIP Gold Account

    Posts:
    9,135
    Likes Received:
    13,166
    Yesterday.
     
  11. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    649
    Likes Received:
    1,987
    Still no email. So unfair.
     
  12. Mytz.com

    Mytz.com Top 4L [email protected] ieie.com CuTu.com NeSu.com QAMI.com PRO VIP Gold Account

    Posts:
    9,574
    Likes Received:
    1,163
  13. dumindu89

    dumindu89 Established Member

    Posts:
    296
    Likes Received:
    300
  14. olcayto

    olcayto NameFree.net Blue Account

    Posts:
    456
    Likes Received:
    353
    I got the same email, since this hack happened i received many spams too. My spammers are quoting the domain names i listed on Afternic and offering me some bumps, marketing tools... I’m glad for the junk folder.
     
  15. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    649
    Likes Received:
    1,987
    Last edited: Feb 24, 2021
  16. suitedbrand

    suitedbrand Established Member

    Posts:
    17
    Likes Received:
    38
    With the data that was accessible it's possible to send targeted phishing mails to try to obtain users' passwords. In that case two factor auth would help.

    Fast transfer should be linked to a certain price, imo. If the price is changed, you should have to opt-in again at the registrar.
     
  17. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    649
    Likes Received:
    1,987
    In general, I agree that 2FA is one of the best ways to protect your accounts, no question about that. My point is that you can't do much when the underlying system has these bugs as mentioned in this thread. Advanced registry locks are also preferred, but not all registrars are offering these services.

    We've also seen Godaddy personnel acting as an attack vector. Customers having 2FA won't help there either. It's good that Godaddy is doing phishing tests on a regular basis, but still too many employees clicked the email and gave their credentials. Christmas was maybe not the best time to do the phishing test.

    https://krebsonsecurity.com/2020/03/phish-of-godaddy-employee-jeopardized-escrow-com-among-others/

    https://krebsonsecurity.com/2020/11...-attacks-on-multiple-cryptocurrency-services/

    With regard to Afternic as a standalone service, I really think this is the year it has to be fully integrated with Godaddy, as it has become unmanageable.

    Thanks for thinking about security, @suitedbrand - I really appreciate it.
     
    Last edited: Feb 24, 2021
  18. suitedbrand

    suitedbrand Established Member

    Posts:
    17
    Likes Received:
    38
    I agree and think it would be great if they unite everything in one platform using the Uniregistry UI, now that they own it.
     
  19. domaineed

    domaineed Established Member

    Posts:
    719
    Likes Received:
    456
    The breach made it possible to change prices?
     
    Last edited: Feb 24, 2021
  20. suitedbrand

    suitedbrand Established Member

    Posts:
    17
    Likes Received:
    38
    No, it didn't, but it would be great to have that as a general security measure.
     
  21. 1Darko

    1Darko Top Contributor VIP

    Posts:
    9,979
    Likes Received:
    6,521
    I've got the email as well - received it into my spam folder - lol :ROFL::ROFL::ROFL:
     
  22. dnx

    dnx New Member

    Posts:
    11
    Likes Received:
    5
    +1
    Why @Joe Styler can’t we remove old payout info? On Afternic or on godaddy


    when will they at least add 2FA it’s utter madness, a company of this size is so slow to protect its customers.

    We are paying them 20% commissions on sales! It’s time we stopped being quiet...and get them to start acting like a company that cares for its customers.
     
    Last edited: Feb 24, 2021
  23. TheBuyerz

    TheBuyerz Established Member

    Posts:
    646
    Likes Received:
    909
    This days I am getting many spams to my emails and related especially to domain names and my preferences. This explain everything... noting that I didn't recieved that email !
     
  24. likemike

    likemike Established Member ★★★★★★★★★★

    Posts:
    261
    Likes Received:
    105
    Actually I think notifying its customers 10 days after the hack is pretty quick and very good. I got the email. These days every site that is worth anything gets hacked on the net. Security will get better as the companies building it improve over time. It's today's world folks.
     
  25. Joe Styler

    Joe Styler Aftermarket Product Manager GoDaddy Staff Afternic Staff PRO VIP

    Posts:
    2,222
    Likes Received:
    4,535
    There have been quite a few accounts recently that seem like new throwaway accounts with no history, no picture and a generic name. I have my name, picture and everyone knows how to contact me on various social media channels or via email and some even text.

    I don't mind answering any questions or helping anyone I can. My years here have shown that but I am a bit suspicious about the various new accounts popping up in the last week or two with generic info.

    On removing old payees we cannot always remove them for various reasons such as regulatory concerns. There are a few variables to go into.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...