Afternic, a provider of domain listing, resale, and aftermarket purchase services, has warned users about a security issue. The company, which is owned by GoDaddy, was contacted by a security researcher on February 12 about a potential issue with a Web API. Shortly after, the company sent an email to affected customers to inform and warn them.
No password or credit card information was leaked
The company claimed that password and credit card information was at no point at risk. The company also stated that it investigated the issue and found a misconfigured server accessible through the API. According to the email sent by the company, users’ information, including first name, last name, email address, physical address, telephone number, and Afternic username, may have been accessed by third parties. Afternic also stated that it has removed the server from rotation. In the email, the company stated:
“We want to make you aware of a security incident we recently identified.
On Thursday, February 12, a security researcher contacted us about a potential issue with a Web API. We immediately opened an investigation and found a misconfigured server accessible through the API. Using this API, the security researcher crafted a specific request that returned information from other customer accounts. Through our audits, we identified this specific API call was run against a small segment of our customers’ accounts. Unfortunately, your information may have been viewed using this call, which includes your first name, last name, email address, physical address, telephone number, and your Afternic username. At no point was your password or credit card information at risk.
As soon as we identified the issue, we removed the server from rotation, securing our API infrastructure.
Please monitor for any suspicious communications that may come from third parties through the contact details that were on your Afternic account.
We are very sorry this incident happened. Protecting the privacy of our customers is our top priority and we let you down in this instance. Our team is committed to preventing these types of incidents in the future and we’ll always be forthcoming in our communications with you.”