Issue with API has been resolved.
GoDaddy’s Afternic domain aftermarket platform had a security issue with its API that has since been fixed, the company told impacted customers.
In an email to impacted customers, the company stated:
On Thursday, February 12, a security researcher contacted us about a potential issue with a Web API. We immediately opened an investigation and found a misconfigured server accessible though [sic] the API. Using this API, the security researcher crafted a specific request that returned information from other customer accounts.
Through our audits, we identified this specific API call was run against a small segment of our customers’ accounts. Unfortunately, your information may have been viewed using this call, which includes your first name, last name, email address, physical address, telephone number, and your Afternic username. At no point was your password or credit card information at risk.
As soon as we identified the issue, we removed the server from rotation, securing our API infrastructure.
Please monitor for any suspicious communications that may come from third parties through the contact details that were on your Afternic account (e.g. email/telephone number).
We are very sorry this incident happened. Protecting the privacy of our customers is our top priority and we let you down in this instance. Our team is committed to preventing these types of incidents in the future and we’ll always be forthcoming in our communications with you.
A GoDaddy spokesperson confirmed that all impacted customers have been contacted.
It’s fortunate that no passwords were accessed. With fast transfer turned on, someone could change the price of domains and purchase them at a low price to effectively steal them. It would be helpful if GoDaddy enabled two-factor authentication for Afternic to make this less likely to occur.
You want to let them know how long the security vulnerability was actually in play for, and what they did to past individuals who even mentioned that numerous problems exist?
Leadership in this industry would make me physically ill, if it wasn’t for the total and complete absence of it. If GoDaddy spent half the time perfecting products that it does sweetening up allies to preserve a guided monopoly, this industry would be seeing golden times. Instead of leaving people scratching their heads how a moronic organization cannot even adequately protect domainers from Verisign.
Or how Tucows harbors some of the most racist websites on the planet. You just deleted that post and the truth with examples never made it through moderation.
Andrew Allemann says
I don’t wish to link to these websites.
Really Andrew. After all the trash you have typed, shared, discussed, and communicated to others, targeting people in our industry as beacons of hate. Judging them in ways that have isolated and marginalized good businesses and people that have been painted manipulatively with false brushes. The virtue signaling. The grand standing. The calls and demands from others for equality. The choice of who and what you cover, and who you find repulsive by your own words, choices, and actions.
Then you hide links that showcase Tucows supporting the most aggressive, foul, hate-filled, violence inciting Nazi groups in the world, AS you promote them and position them in a credible light for the pedestal they wanted to create for themselves. This is absurd. Especially for a piece that was ENTIRELY dedicated to the new lines they claim to be drawing, going beyond the courts, and initiating their own self-righteous scalpel. Must be nice simply deleting content that doesn’t meet that false narrative there hype king.
If I used your own logic applied to others, that would mean that you are actually PROMOTING Nazism, through your own moderation and choice of what you decide should be shielded from the public. So in effect, you can tear a group like Epik up every single chance you get, and then hide equivalent links related to Tucows service – as you are actively promoting them nonetheless! Some of those groups that were linked were instantly THROWN OFF Epik, then you run a puff piece and hide the truth with intent to damage control. Unbelievable.
You just lost all credibility in my book. This is a new level of double standard hypocrisy even for you.
Keep plugging them away. I’ll share on NP and other networks later this week what you elected to keep from your readers. We can do an entire piece on the attacks and links from your past that are okay, when it isn’t you doing your promotional work. Then the free passes you hand out when it suits you.
Nice that – once again – your work against hatred, discrimination, and racism is dependent on who is footing the bills. You should be ashamed of yourself. The finger pointing and intentional harm you have done to others is already bad enough, without actually seeing you misrepresenting truth while Tucows clients bombard the world with messages telling others to take out black children and Jewish babies. Nice job there puppet.
Perfectname.com Sales says
Did I miss something?
They should say change passwords, I mean it sounds easy vague, I bet you it’s a lot worse than they led on.
HITNAMER :(·): says
Their statement is a big lie, 100%. I am a customer and contacted them about this in JANUARY when I found my best domains were appearing so reasonable on Afternic, I was tempted to buy them myself. Eventually, I figured out what was happening BUT GoDaddy still don’t know what’s going on and have no interest in me telling them either!! AND they afford crazy data protections to bad actors who break into your account and do these kinds of things!! GoDaddy urgently need to prioritize existing customer accounts over grabbing new customers AND put customer security first always over protecting bad actor’s data – that’s BELOW THE BELT!! Also you can have a domain very easily pinched from your account through expired auction, if this happened, you won’t see it disappear from your account until it’s too late and again GoDaddy isn’t on your side, I can promise you as a paying customer, bad actors are further up the foodchain. If you are a customer at GoDaddy/Afternic, stay sharp as a pin because they don’t have your back at all and your domains are NOT AS SAFE AS YOU THINK
I’ve never used Afternic (only GoDaddy) and just received a mail telling me “Congratulations on your new Afternic membership!”