Recently, Escrow.com had a “security incident” where “hackers got access to our domain registry account for the Escrow.com domain through a breach of our domain registrar’s systems”.
Did you catch the blame that Escrow.com places on their registrar?
That’s because the breach was due to an internal security issue over at GoDaddy, where an employee’s internal account triggered a change to the domain accounts.
According to GoDaddy:
“On March 30, we were alerted to a security incident involving the redirection of a customer’s domain name. Our team investigated and found an internal employee account triggered the change.
The employee involved in this incident fell victim to a spear-phishing or social engineering attack. We have taken steps across our technology, processes and employee education, to help prevent these types of attacks in the future.”
What’s worse is that Escrow.com wasn’t the only account affected. GoDaddy admitted that there were 5 other accounts potentially impacted by the breach.
They’ve informed account holders.
But it raises the question of whether GoDaddy would have noticed the breach if Escrow.com hadn’t brought it to their attention.
How many other accounts could potentially be impacted, either through the same employee or through similar methods used on other employees?
It’s unclear if this issue arose because most employees are working from home during the Coronavirus pandemic.