Last week, researchers found that cybercriminals were altering the DNS records of Go Daddy websites in an effort to redirect visitors to the attackers’ own malware-spreading domains. Go Daddy has revealed that the attackers compromised the accounts by phishing the affected customers’ credentials.
Go Daddy representatives have told The Next Web that they’ve begun identifying the affected accounts. The malicious DNS entries have been removed and the passwords of the impacted customers are being reset.
“We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems,” said Scott Gerlach, Go Daddy’s director of information security operations.
Users are also advised to set stronger passwords and to enable 2-step authentication to better protect their accounts.
Sophos experts, who were the first to investigate this malicious campaign, couldn’t determine precisely whether the accounts were fraudulently accessed using stolen credentials, because Go Daddy doesn’t allow customers to view their historical login activity.
However, now that the company has confirmed that the accounts haven’t been hijacked by exploiting a vulnerability, website owners can at least know what to look out for and what steps to take to secure their accounts.