December 5, 2021

My GoDaddy & Google Accounts Hacked

When I got back from vacation, one of the many emails I had to go through was a Godaddy one saying that my password had been reset. I thought nothing of it, and clicked the spam button in gmail – thinking it was a phishing attack.

Today, that email suddenly jumped back into my head as I was about to register some new domain names and couldn’t login to GoDaddy.

A quick call to friends at GoDaddy revealed that somebody had guessed my Google account password, and used my Gmail to reset my GoDaddy account. Thankfully, I caught it before they had changed any DNS settings, registered, or transferred any domains.

I also managed to change my Google account password to something even harder to guess. (I’m actually shocked that somebody had guessed a 7 letter non dictionary word in the first place – if that’s how they got it.)

I’ve read about other techniques that involve including parts of a different domain onto your webpage, then using javascript to read what the browser auto-fills in the form. This can all be done in a 1px iframe apparantley – maybe that’s how it was done. I’m not sure.

Anyway, it’s scary just how much your Google account actually has access to. I’m lucky I caught it in time.

About Ryan Jones

Ryan Jones is an SEO from Detroit. By day he works as a manager of SEO & Analytics at SapientNitro where his team performs SEO for Fortune500 clients. By night he's either playing hockey or attempting to take over the world with his own websites - which he would have already succeeded in doing had it not been for those meddling kids and their dog. The views expressed here have not been paid for and belong only to Ryan, not any of his employers or clients. Follow Ryan on Twitter at: @RyanJones, add him on Google+ or visit his personal website: www.RyanMJones.com

Comments

  1. Hey Jones, maybe they didn’t guess your gmail password… is it possible the just keyed in your account number on GoDaddy.. and selected forgot password and changed it just to be jerks 😉

    It’s kind of funny that on so many sites you can just put in a username of someones that you know because most usernames are public on the forum or whatever, and reset their password. Sure it only annoys them, and requires them then to go reset it or check their email but still its a funny little DOS. Just like trying to connect to a terminal server with someones account name you know and lock it out. Lots of ways to just be a jerk.