NameSilo

Godaddy Account Hacked (PLEASE HELP)

Located in Domain Registrar Reviews, started by svelandiag, Jun 29, 2020 at 11:21 PM

Replies:
17
Views:
519

  1. svelandiag

    svelandiag New Member

    Posts:
    9
    Likes Received:
    3
    Hello, I got hacked today, I was not using 2FA however I got an email this morning that 2FA was activated for my account, I can't access my account since I need the 2FA code and I don't have access to the phone.

    The thief has not changed the email address associated to GD account yet, he changed the DNS of all my domains now pointing to an empty folder, my websites are down...

    I contacted GD support and they told me that I need to send a 2FA deactivation request, they sent the steps and a template... Im very scared I don't know what he can do and If I will lose my domain names.

    What are your recommendations? Thanks for the help?
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,653
    Likes Received:
    9,051
    wow that's crazy sorry to hear that. sorry I can't help. I'm sure someone knows better on here.

    I'm surprised they did it that way they did it. most times from what I've read on here. these guys usually do it stealth.

    like still allow you access to your email account and simply start transferring or pushing out domains from your account slowly like one by one or cherry picking them.

    and when they get the transfer confirmations immediately delete it and all emails about the domain from the inbox forever.

    so no record of it.

    Please note I think ICANN.org will always have a record you owned your domains.

    I'd probably contact them first as registrars are notorious for not helping people out in these situations and say that their "hands are tied".

    Good luck buddy!
     
  3. svelandiag

    svelandiag New Member

    Posts:
    9
    Likes Received:
    3
    Yes I really don't understand the way he acted! why would he alert me adding 2FA Im scared what this guy can do with my domains, he clearly doesn't want to transfer them I check and the status of the domain is still "clientTransferProhibited"

    So I don't understand what he wants of me and my domains!
     
  4. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,653
    Likes Received:
    9,051
    probably unfamiliar with domain names. just someone who hacked your gmail.

    probably he or she is worried stealing your domains could show trail back to him. probably trying to figure out how to do it without getting caught.

    sounds like not someone who specifically targetted you to steal your domain. just an email hacker.

    Got any enemies? lol
     
  5. Samer

    Samer Top Contributor VIP Blue Account

    Posts:
    4,369
    Likes Received:
    6,385
    Last edited: Jun 29, 2020 at 11:46 PM
  6. svelandiag

    svelandiag New Member

    Posts:
    9
    Likes Received:
    3
    Maybe he can send massive scam emails with my domain names and ruin my reputation? Well Im just thinking why he would have proceeded this way, so Im glad it seems that I won't lose my domain names! Still don't understand how he get my password...
     
  7. svelandiag

    svelandiag New Member

    Posts:
    9
    Likes Received:
    3
    I sent an email to icann support, asked them how they can help me to protect my domains.
     
  8. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,653
    Likes Received:
    9,051
    my GF taught me a long time ago.

    when it comes to passwords always use a long phase with special characters and capitals and numbers like

    [email protected]#[email protected]#$%
    or
    NextTimeSvelandiagUseLongPasswordPhrases

    lol

    Good luck friend and welcome
     
  9. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    8,653
    Likes Received:
    9,051
    Best thing you can do right now so there is a record of this with Icann.
    From my experience with registrars they are not very helpful.

    the mindset is that "you are the idiot who did not properly protect your email address so don't bother us and expect us to do things faster. we'll do this at the slowest speed possible as it is not our fault you used an easy to hack password."

    or something like that.
     
  10. svelandiag

    svelandiag New Member

    Posts:
    9
    Likes Received:
    3
    correct my password was not strong, from now I will be more cautious, and paranoic with passwords and security, I hope godaddy deactivates 2FA fast. I think this time my sites are down will hurt my SEO 😭

    What other things do you think guys I should do? or check?
     
  11. TheBuyerz

    TheBuyerz Established Member

    Posts:
    302
    Likes Received:
    192
    It takes up to 5 days to transfers domain names from one registrar to another one.

    It is possible to transfers them to another account but can be recovered easily by Godaddy when you provide your proofs.

    You have to convice them to block activities on your account untils all this situation is cleared out, this is the first thing to do, after that it is a matter of time to solve this issue.

    Good luck !
     
  12. svelandiag

    svelandiag New Member

    Posts:
    9
    Likes Received:
    3
    I talked with support and they told me they can't block my account... Tbh I think that some of the Godaddy support agenst are very incompetent, I called 4 times and talked with different agents and they told me different answer to my questions... One of them told me that I will receive email with instructions but I never received one...

    So far thumbs down for Godaddy support, I just hope they help me asap with this and disable the 2FA so i can recover access to my account.

    Im still wondering the way the hacker proceeded, still want to know his intentions, he knows I will recover access eventually, so Im not sure what doe he pretends.
     
  13. TheBuyerz

    TheBuyerz Established Member

    Posts:
    302
    Likes Received:
    192
    Perhaps you used the same password of your Godaddy account in online websites and forums that were hacked.

    Notice that even Yahoo, Linkedin etc. had their users' emails and passwords leaked, there is online website that purpose to check if your email and password were leaked on online platforms that were already hacked, make a search on Google.

    Apparently, you used different password than on your email, since the hacker haven't access to your email address ... he choose to apply a 2FA instead.

    Do Godaddy require users to confirm transfers by sending an email link ? or they allow the transfers directly ?

    Have you linked your credit card ? or Paypal ? If so, you have to contact your bank to block temporarily your funds, and remove Godaddy agreement from inside your PayPal account.
     
    Last edited: Jun 30, 2020 at 12:57 AM
  14. svelandiag

    svelandiag New Member

    Posts:
    9
    Likes Received:
    3
    Ho my gosh I didn't know about that, I googled it and found this website! haveibeenpwned indeed my username and password has been leaked, probably this has something to do, however not sure how they knew my godaddy client number and username... Well but at least I can find an explanation...

    Also the good thing according to what you guys have told me, the thief doesn't have enough expertise
     
  15. svelandiag

    svelandiag New Member

    Posts:
    9
    Likes Received:
    3
    By the way my domain email is still receiving and sending emails which is weird, since the hacker changed the DNSs of that domain, why it is still operative?
     
  16. ArielT

    ArielT Top Contributor VIP

    Posts:
    1,473
    Likes Received:
    542
    I think I will take security more seriously
     
  17. svelandiag

    svelandiag New Member

    Posts:
    9
    Likes Received:
    3
    Thanks GOD... Godaddy removed 2FA from my account once I received the email I immediately changed passwords and set up 2FA with my phone, now I recovered the access and changed the DNSs to my servers, it seems everything has been solved...

    Not sure if the hacker doesn't have experience or he just wanted to warm my SEO, Im not sure what's gonna be the impact on the SERPs after this downtime... almost 24 hours where my website was giving 404 errors for the top ranked landings...

    Well, Im lucky the hacker didn't know how to properly proceed, he could have made MUCH more damage, for now, I become paranoic with security...
     
  18. Joe Styler

    Joe Styler Aftermarket Product Manager GoDaddy Staff Afternic Staff PRO VIP

    Posts:
    2,122
    Likes Received:
    4,200
    I am sorry to hear this happened. I just logged onto Namepros today just now. I don't come here every day. Support has to be really careful because they don't know who you are. If you can validate into the account they can help you, but if you do not control the account because you were hacked, they have to be careful that you are not a hacker or social engineer. So on something like this it is usually handled slowly and carefully to make sure that the account is protected. It is easy enough in most cases to unwind things once we determine the rightful owner of the account.

    Bottom line I would use 2fa on your accounts as a best practice including your email accounts. I am glad that you got it worked out. For anyone else wondering how to get help in this kind of circumstance going to changeupdate.com is the fastest way to get the correct info to the right team to help. If there is 2fa you also have to email the right info to prove you own the account and get that removed.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...