A serious vulnerability in the way DNS records are created left more than 500,000 expired domains at GoDaddy in the hands of cybercriminals.
While this was not a GoDaddy-specific issue, the ability to create DNS records at GoDaddy for free meant that it literally cost the perpetrators nothing.
Expired domains with nameservers under domaincontrol.com, the domain for GoDaddy’s managed DNS service, were vulnerable. Despite not resolving, these domains were used in phishing and other malware campaigns.
Scammers used valid domains belonging to companies such as Yelp, Mozilla and Aramark to legitimize spam; because these domains were “clean”, anti-spam software failed to block the malicious email campaigns effectively.
Matthew Bryant, the researcher who exposed this exploit in 2016, contacted GoDaddy, which said that the DNS issue has been fixed. Per the statement issued by GoDaddy:
“After investigating the matter, our team confirmed that a threat actor(s) abused our DNS setup process. We’ve identified a fix and are taking corrective action immediately. While those responsible were able to create DNS entries on dormant domains, at no time did account ownership change nor was customer information exposed.”
Full coverage of this issue can be found in the Ars Technica article titled “GoDaddy weakness let bomb threat scammers hijack thousands of big-name domains.”