GoDaddy Hacked For Nearly 3 Years

[Dr.FarFar]

Hackers Ran Amok Inside GoDaddy for Nearly 3 Years

You can read it here

Quote:

https://www.wired.com/story/godaddy-hacked-3-years/

What no one knows

I didn't think I would tell anyone about this report again
The GoDaddy Security Team actually neglected my report
they have now lost their reputation Because they neglected this loophole

I have been reported a high-risk vulnerability in Godaddy
That vulnerability was SQLi
by that loophole
I can know everything about that company
Including all credit card data fields
I can also withdraw domains from accounts and transfer them to other companies
And complete the exploitation and access to the company's servers and do everything that may harm it and its customers
But I did not do those evil deeds

These are some of my messages to them

In addition to a Proof-Of-Exploitation video

Quote:

https://www.BlackHatLab.com/Godaddy

NB:

Quote:

I'm Not The Person Who Hacked And Harmed GoDaddy Company 😉

Best Regards,
Dr.FarFar

[Roy25]

Off late GoDaddy seems to have developed unwarranted ego. I have seen change in the way there sales and support executives behave over last decade. Not that this justifies the incident, but sometimes things like these keep u grounded.

On a sidenote:

Quote:

I'm Not The Person Who Hacked And Harmed GoDaddy Company 😉

We do believe u dr.

[Dr.FarFar]

Unfortunately, if there was a good response to my report from The Cyber Security Team at GoDaddy
The hack would not have happened
You can see the messages and proof video in the link above

[tK!]

thank you Dr
i think i remember was about +1M users leak sold in RaidForums ( closed now )

same thing happen on 00webhost , wix ( 2018 ) , ....

[Dr.FarFar]

Quote:

Originally Posted by tK!

thank you Dr
i think i remember was about +1M users leak sold in RaidForums ( closed now )

same thing happen on 00webhost , wix ( 2018 ) , ....

The loopholes used in what you say are JSON vulnerabilities

What you are saying is not similar to the Godaddy incident

But what happened is
SQL Injection vulnerability at GoDaddy.com & All Subdomains

You can watch the video and imagine the losses Godaddy can take
If I did anything evil

I can do evil things easily, but I don't like doing them to anyone

[Roy25]

Quote:

I can do evil things easily, but I don't like doing them to anyone

Good to know that we're in good company and not Dr. Hannibal Lectar's

And about the The Cyber Security Team at GoDaddy, I wonder how no one responded to such a huge thing! Companies rightly make a huge fuss of even a small miss by an employee like using a USB drive, or opening certain sites inside corporate network, how can they miss such a report is beyond my reasoning.

Though, I feel they were really dumb either ways - because even if they were unethical and took it from "personal growth" perspective, they could have easily "claimed" it to be found by them internally and got a promotion or something lol . Because u/reporter would have not bothered or even informed anyway.

[niculaita]

maybe you injected into a honney pot

[Dr.FarFar]

No, certainly not. There is evidence that the company was hacked during the same period, and the hack lasted for three years.