A GoDaddy spokesperson confirmed that a “limited number” of staff had fallen victim to “social engineering” attacks that let the intruders make unauthorized changes to domains and accounts. It responded by reverting changes, locking down accounts and helping victims regain access.
This comes roughly a year after a data breach affecting 28,000 hosting accounts and doesn’t help with GoDaddy’s image. It may have been difficult for the company to void vishing, mind you. GoDaddy has joined many other companies in having staff work remotely during the COVID-19 pandemic. That could make it harder to verify the legitimacy of a caller or website. As such, this might be a problem for many companies, even once it’s safe to return to offices.