GoDaddy approved a domain transfer in four minutes without authenticating the recipient, despite the domain having dual two-factor authentication and ownership protection enabled. An unauthorized customer gained control of a 27-year-old domain belonging to an American non-profit, causing four days of downtime and forcing staff to use personal email during critical fundraising events.
Safety
GoDaddy customer claims registrar transferred 27-year-old domain without any security checks
GoDaddy transferred a 27-year-old domain in 4 minutes without authenticating the recipient, bypassing dual 2FA and costing a non-profit 4 days of downtime.
Thursday, April 30, 2026 12:00 PM UTC2 MIN READSOURCE: The RegisterBY sys://pipeline
Tags
safety