GoDaddy Hacked On the 24th of June 2022, my GoDaddy hosting account was hacked even tho I have a Two-factor Authentication active, this leads me to think it was an inside job, perhaps one of the customer support representatives I have given access to on multiple occasions to get assistance with my account, so now I can’t even trust them.
I first suspected a hacker when I found bizarre emails created, that made no sense. I did not delete them assuming the GoDaddy staff could use them to figure out who had created them and lead them to find the suspect.
I tried calling them twice, after I had identified my self explained what had happened and what I thought about it, they asked for access, and I gave it to them. seconds after that, they cut the call on me both times.
I then got even more suspicious and used online chat support and did not provide details about my account just what I thought, they then said it was strange and said I should start a support ticket and they would contact me by email.
I explained everything in the support ticket and finished the process, later I was exhausted from the stress and went to bed.
The next morning I visited one of my sites and realized it was loading some strange website about selling clothes and make-up etc, I then check some more of my websites and they also were loading strange websites.
At first, I thought it was a re-direct that had happened to me before, but it was displaying my domain in the address bar so I realized, it was coming from my own hosting that is showing this website.
In a fit of frustration, I logged in and changed my hosting password, checked if there was anyone else logged in to my account, took screenshots of all the strange new emails, and deleted them.
I pursued searching my website categories and files and then realized this would take too long and i.e greater damage to my websites and reputation.
So I compressed all the website files and deleted everything except the zips which was proof, I then restored all websites from backups and changed their passwords.
It’s been a day or two and I’ve received a reply by email about my support ticket saying they can not help me.
I still don’t know who it is, but I do know I can Not trust GoDaddy because they have been acting really suspicious and how else can you get passed a 2-factor authentication unless it is given to you freely. why else would tech support be freaked out about my claims to hang up on me which they have never done before? it’s not like they figured out all the passwords to all my websites and who would know they were all mine, some have full privacy turned on.
As you can see, something fishy is going on