GoDaddy's top-notch security - NOT

I tried to use my credit card tonight. It was declined. I paid with my debit card and went home and called the bank, certain it was another “looks odd but really it was legit” thing that they’d done without notifying us. Last time THAT happened, it was after a very large charge hit it for a shoestore in New Jersey - a charge that in fact I had made, but I can see why they flagged it.

Nope - this time they actually got it right. There were two attempted charges on Friday the 10th. I didn’t notice the emails so we kept using the card including today.

I had renewed our domain at Godaddy early Friday morning. I don’t think this is a coincidence - the charges were about 12 hours later. One for 400 dollars at Target dot com, the other for an undisclosed amount at shopkeep dot com. :rolleyes:

Just got off the phone with someone at Godaddy who assured me that their site was secure. I retorted “Home Depot was secure too!”.

Correlation does not equal causation. Keep an open mind concerning the root of the issue.

Agreed. And, in fact, if someone had slurped up credit card data from Go Daddy itself, it would generally take some time for the card to be used. Often (not always, but typically) one crew actually does the breach to get the card numbers, then they bundle and sell the numbers to someone who monetizes them. That takes a bit of time to turn around, probably more than 12 hours.

If you use the card routinely, there are any of a number of ways the bad guys could get the number, from breaching some retailer, to compromising your home PC, to using a card skimmer at an ATM or gas pump, to a waiter just writing the number down.

That’s pretty tenuous evidence for blaming Go Daddy. The timing for a data breech typically doesn’t work like that.

Not to praise GoDaddy - for a website design company, their website is a goddamn disaster to use - but cards get compromised in all kinds of stupid ways and timing of fraudulent charges is no indicator. I had multiple fraudulent charges put on a card that had literally not been taken out of the envelope. There was not a single person who had that card number, except apparently the scammers.

This sounds to me like one particular employee at GoDaddy stealing the number. A couple of uses 12 hours later is perfectly consistent with an employee deciding to steal a single CC number, and then using it after work.

I am no fan of GoDaddy, ethically, but there is no way in hell that an employee or anyone at a large ecommerce operation has access to any credit card numbers. They are encrypted from moment one, or else you fail compliance.

Well, given how often major data breaches hit the news, it’s hard to know whether they’ve got adequate security measures in place or not. Even though they should know better.

Yeah, it’s entirely possible that the timing is purely coincidental. Or it could indeed be GoDaddy. A friend had much the same thing happen a couple months ago (card compromised just after use at GoDaddy) so I’m still suspicious. And pissed that for the third time in a couple of years, I’ve got to redo a bunch of automatic payments because of crooks (the others were things like the Home Depot breach).

Of interest, I’ve only ever had two other fraudulent charges on my cards. One was 99% likely to have been an employee of a medical practice, who was arrested for stealing patient info and making purchases. The other was puzzling - an order for some self-help books on my company Amex, which I had not used anywhere in years. I have to wonder if that one wasn’t literally a typo that somehow got past the checkdigit algorithms that tell whether a number is even possibly valid.

Agreed. Only way it could be a GoDaddy employee would be if you called up to pay by phone and read your card number aloud.

Also, what did the OP expect the customer service rep to say. IF GoDaddy had been breached and it knew, but the news hadn’t been made public (lets be generous and say that the investigation was proceeding and the proper authorities were advising as to when to go public), most likely the phone representative would not know and would parrot the company line, “the site is secure”. IF GoDaddy had been breached and it was known throughout the company, but somehow had not been made public yet (very unlikely), then the rep would not tell a random customer calling to complain and would parrot the company line. IF GoDaddy had been breached and no one yet knew, it would take more than one phone call to get the investigative wheels rolling, and I doubt the phone reps are in a position to deal with that kind of issue in any substantive manner anyway.

I understand wanting to vent, and I know the inconvenience as it has happened to my wife several times (and we don’t use GoDaddy). All most are saying is that you are likely (but not definitely) venting in the wrong place.

It’s a coincidence. You don’t know what you’re talking about. Credit card fraud does not work that way.

[aside] I might’ve mentioned that for a few weeks I spent heavy OT receiving calls and helping callers sign up for free (paid for by my client’s client) identity protection. In the process I would ask them for a (preferably temporary) password for the protector’s website.

“Oh, I’ll use the one I used on the (client’s client) site.”

(drumming fingers on my desk while counting to five)

“Ma’am, do you recall that I told you, two minutes ago, that the hackers made off with your Social Security Number AND your site password?”

“So I should choose another password?”

“Yes, and change your password everywhere else.”

People are genuinely that stupid. [/aside]

Oddly enough, the opposite happened to me yesterday. I received a phone from, saying that they wanted to verify that I was registering a website with them. I said no, because I’m not. I’ve never paid them any attention. The gentleman told me that it was in the amount of $21.19 (which I presume is $19.99 + tax). I again said that it wasn’t me. He thanked me, said that he was cancelling the charge, and to follow-up with my bank. After hanging up, I checked my bank account info. No charge for $21.19, or anything from, appears on my account. I’ll be watching closely to see if anything changes, however. He didn’t ask for my account info, my debit card number, or anything like that.


My husband’s iPhone was stolen out of his hands about a year ago. We spent hours changing passwords as a result - possibly overcautious but if someone HAD managed to extract info from it before it was bricked (or even after, dunno if bricking a phone means the memory is scrambled as well) we could have been in a WORLD of hurt.

We have reason to believe someone was attempting to scam the in-laws a couple years back. As part of sorting out their finances, my husband had a spreadsheet with of their banking transactions over several months. Every few days, there was a dollar charge that was reversed within 24 hours. I googled it and it seemed to be some “service” that the sellers try to get you to sign up for. The in-laws had no clue this was happening, because the charge was always reversed. Nor were they going to do anything about it when I told them, until I pushed them to contact their bank. Some folks is just clueless.

Superdude: strange. So someone signed up with your name and contact info?? Make sure household members (if any) also check their banking info.

Back to the OP: I conceded that it may well have nothing to do with Godaddy and the timing is pure coincidence. Unfortunately, there’s no way to tell, the card has been closed, and we’re in the middle of the hassle of fixing all our automatic billing. Sigh.