Categories: Domaindomain industrydomain namedomain newsdomain registrar updatesDomain Registrarsregistrar news

GoDaddy’s Afternic had security hole

Issue with API has been resolved.

GoDaddy allows customers to use a physical security key, like the pictured Yubi device, to protect their main accounts. A recent security breach will increase calls for similar two-factor authentication at Afternic.

GoDaddy’s Afternic domain aftermarket platform had a security issue with its API that has since been fixed, the company told impacted customers.

In an email to impacted customers, the company stated:

On Thursday, February 12, a security researcher contacted us about a potential issue with a Web API. We immediately opened an investigation and found a misconfigured server accessible though [sic] the API. Using this API, the security researcher crafted a specific request that returned information from other customer accounts.

Through our audits, we identified this specific API call was run against a small segment of our customers’ accounts. Unfortunately, your information may have been viewed using this call, which includes your first name, last name, email address, physical address, telephone number, and your Afternic username. At no point was your password or credit card information at risk.

As soon as we identified the issue, we removed the server from rotation, securing our API infrastructure.

Please monitor for any suspicious communications that may come from third parties through the contact details that were on your Afternic account (e.g. email/telephone number).

We are very sorry this incident happened. Protecting the privacy of our customers is our top priority and we let you down in this instance. Our team is committed to preventing these types of incidents in the future and we’ll always be forthcoming in our communications with you.

A GoDaddy spokesperson confirmed that all impacted customers have been contacted.

It’s fortunate that no passwords were accessed. With fast transfer turned on, someone could change the price of domains and purchase them at a low price to effectively steal them. It would be helpful if GoDaddy enabled two-factor authentication for Afternic to make this less likely to occur.

Post link: GoDaddy’s Afternic had security hole

© DomainNameWire.com 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:

  1. Here’s why GoDaddy – Donuts deal makes a lot of sense
  2. This GoDaddy Premium Domain change could help you sell a lot more domains
  3. Aman Bhutani NamesCon live blog
Website Host Review

Leave a Comment
Share
Published by
Website Host Review
5 years ago

Recent Posts

Ensuring Equipment Safety and Reliability in Data Centers

What keeps data center operators up at night? Among other things, worries about the safety…

11 hours ago

Data Center Outsourcing Market to Surpass USD 243.3 Billion by 2034

The global data center outsourcing market was valued at USD 132.3 billion in 2024 and…

1 day ago

Addressing the RF Blind Spot in Modern Data Centers

The rapid adoption of artificial intelligence (AI) and the computing power required to train and…

3 days ago

The Challenges of Building Data Centers in the AI Era

Amazon’s Chief Executive, Andy Jassy, recently told investors that the company could significantly increase its…

1 week ago

Is this the data center metric for the 2030s?

When the PUE metric was first proposed and adopted at a Green Grid meeting in…

1 week ago

Direct-to-Chip Cooling: A Technical Primer

Direct-to-chip cooling is a liquid cooling method that uses a specialized water coolant or blended…

2 weeks ago