Back

GoDaddy Transfers 27-Year Domain Without Authorization, Causing Major Downtime

Severity: High (Score: 63.0)

Sources: Theregister, News.Ycombinator

Summary

GoDaddy is investigating allegations that it transferred a 27-year-old domain, HELPNETWORKINC.ORG, from a client’s account to another user without proper authentication or documentation. The transfer occurred on April 18, 2026, leaving the client, a national non-profit with 20 locations, without access to their website and email for four days. The domain had dual two-factor authentication and ownership protection enabled, which were bypassed during the transfer process. The incident was reported by Lee Landis of Flagstream Technologies, who experienced significant difficulties in resolving the issue through GoDaddy's support, making over 32 phone calls and sending numerous emails without a satisfactory response. The case was closed by GoDaddy without resolution after four days. The implications include risks of business email compromise and loss of access to critical recovery mechanisms. Key Points: • GoDaddy transferred a 27-year-old domain without proper authentication. • The affected client experienced four days of downtime affecting 20 locations. • GoDaddy's support was unresponsive and unhelpful during the resolution process.

Key Entities

  • Malware (attack_type)
  • Phishing (attack_type)
  • Anchor Hosting (company)
  • Flagstream Technologies (company)
  • GoDaddy (platform)
  • United States (country)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-862 - Missing Authorization (cwe)
  • cas.godaddy.com (domain)
  • godaddy.com (domain)
  • helpnetworkinc.org (domain)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed