GoDaddy is investigating allegations that an internal user improperly transferred a customer's domain to another party in just four minutes, bypassing standard security protocols like two-factor authentication and ownership protection. The unauthorized transfer resulted in four days of downtime for the affected non-profit organization, disrupting its websites and email services. While GoDaddy claims proper documentation was received, both the original account holder and the recipient deny this, with the domain being voluntarily returned after the error was realized.
Security Operations , Identity GoDaddy under fire for alleged unauthorized domain transfer April 30, 2026 Share By SC Staff (Adobe Stock) GoDaddy is currently investigating claims that it handed complete control of a 27-year-old domain to another customer without requiring proper authentication or supporting documents. The allegations stem from Lee Landis, a partner at IT shop Flagstream Technologies, who claims one of his client's domains vanished from their GoDaddy account without notice, with further coverage provided by The Register. The incident involved a domain belonging to an anonymous American non-profit with 20 locations nationwide. According to reports, the domain transfer was allegedly approved in just four minutes by an "internal user" at GoDaddy, bypassing standard security protocols, including two-factor authentication and ownership protection. This resulted in four days of downtime for the non-profit, disrupting access to websites and email accounts. While GoDaddy stated that proper documentation was received, both Flagstream and the recipient of the domain deny this. The situation was eventually resolved when the recipient voluntarily returned the domain after realizing the error. Source: The Register SC Staff Related Security Operations Polymarket denies data breach claims by hacker Xorcat SC Staff April 30, 2026 Xorcat claimed to exploit several vulnerabilities, including undocumented API endpoints, a pagination bypass on the CLOB trading system by altering code to request nearly a million data points, and a CORS misconfiguration. Security Operations Supreme Court hears arguments on controversial geofence warrants SC Staff April 29, 2026 Geofence warrants allow law enforcement to compel tech companies like Google to provide location data for all users within a specified area and time frame. Security Operations Silverfort acquires AI-native identity security firm Fabrix SC Staff April 29, 2026 Fabrix Security offers an AI-native platform designed to assist enterprise identity and access management teams in making faster and more accurate access decisions for both human and non-human identities, including service accounts, API keys, bots, and AI agents. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Basic Authentication Biometrics Challenge-Handshake Authentication Protocol (CHAP) Cold Warm Hot Disaster Recovery Site Countermeasure Cron Digest Authentication Digital Certificate Disaster Recovery Plan (DRP) Discretionary Access Control (DAC) You can skip this ad in 5 seconds