This piece is useful If you are planning to buy website services from Godaddy. I am currently facing a strange situation with Godaddy. Based on the last two months experience, I will not recommend GoDaddy as a reliable organization for domain registration, website services, and keeping your credit card credentials secured in their system for auto-renewal.
There was some technical problem when I wanted to renew my domain a few months before. I could not log in my account. When contacted Godaddy India technical support, they transferred the issue to the higher level. Later my account started functioning normally. I renewed my domain and bought an additional domain, too.
I have been a customer of Godaddy from last eight to ten years or more; I do not remember. Never faced such a security problem with Godaddy as I am facing today. After a month of the whole incident (locking my account then unlocking and renewing domain), one midnight I got one of the scariest messages of my life. It was from my credit card bank stating that someone tried to use my card at Godaddy to purchase services. My luck was with me. The transaction declined as the card was already deactivated.
Actually, my credit card bank had sent me a new credit card a few months before the expiry date of my existing card. So as soon as I got a new card, I started using it. A basic fact is that when you start using your new card the old card is deactivated automatically and no transaction is allowed.
This fact was not known to the person tried to purchase at Godaddy using old card details. My old credit card expiry date is yet to come. Now analyze this. The person with my old credit card details does not know that the card is deactivated. That saved me.
What is strange that the evil character still trying to use the detailed to purchase at Godaddy.
I run a professional high-traffic website. I pay many service providers globally as they provide various services to my website. That includes Godaddy also. How my old credit card data leaked? If it is leaked from other places, then why someone had tried to buy services at Godaddy? It does not make sense. Therefore, Godaddy cannot deny for data leak.
My common sense says that the information had leaked from Godaddy system When my account was observed to resolve a technical issue. It is my guess. I do not have proof. I manage my website, server, and several related things. Therefore I know for sure that how this technical thing works.
When I had contacted Godaddy after getting the SMS that someone tried to use my card details to purchase at GoDaddy, customer support informed me that it is not possible, and my data are safe with them.
Since then I got three similar messages from credit card bank that someone is trying to use my card details at GoDaddy. I have reported this to the bank, and they are investigating it.
I decided to write about this incident today morning after getting a usual email from Godaddy that how to recent my account password. The strange thing is I did not request for it.
Now someone has my account username, thankful not the password or who knows even password. I have set two-factor authentication in my GoDaddy account, so one needs uniquely generated OTP to access my account.
How someone has my account username for my Godaddy account. At Godaddy, email ID or client ID works as username to log in an account. If someone able to send a request for password reset, that means the evil character knows my – either account email ID or client ID. How did it happen? I did not call to Godaddy customer care this time. I do not want to waste my time on hearing the same stupid message.
Sir, your account details are safe with Godaddy.
I know now how safe my details are with them.
As I mentioned at the beginning of this article, I have been a customer of Godaddy for more than ten years (I do not remember). Never faced this kind of security breach. It was the first time that my account moved to multiple departments in the organization. Now the outcome is someone has my credit card details, and now they are trying to hack my account also.
I do not have solid proof to establish that my data was leaked from Godaddy system. However, my common sense says that it could not happen from any other place. Leave the credit card details for a moment, think who can have my Godaddy account credentials other than me and Godaddy itself. Someone tried to resent my account password that means he/she has my username. How?
► Solution – Godaddy vs. Google Domains
Soon I will move my asset from Godaddy to Google Domain. Google will be able to copy my DNS record as it exists in the Godaddy system. So, there is no issue on that front also. Moreover, Google offers to option to keep private whois records free of cost. At the same time, Google DNS will be much faster than DNS of any other company. Also, my renewal of domain will be valid until the period I already paid to Godaddy. All I have to do is renew my domain with Google for one more additional year. That is absolutely fine with me.
I highly recommend not to buy a domain or renew your existing domain with Godaddy. The problem I am facing does not happen instantly and with everyone. As I said, I am a Godaddy customer from last ten years. After 10 years I faced the issue wherein my account details are compromised. My account is safe (I can hope for) because there is two-factor authentication and I have all the proof that the account belongs to me.
I was, and I am lucky enough to escape from fraudulent transactions. If you are not lucky enough then…Forget calling Godaddy because they have only one answer for every concern you have that is — your data are safe with Godaddy. You know now how safe your data could be with them.