HN · HACKER_NEWS// 6h agoSECURITY INCIDENT

GoDaddy Gives Domain to Stranger

A GoDaddy account-recovery workflow allegedly transferred a 27-year-old nonprofit domain into the wrong account, taking down email and web access across the organization. The post says support stalled for four days, then declared the case closed before the domain was recovered by the unintended recipient noticing the mistake.

// ANALYSIS

This looks less like a clerical error and more like a critical validation failure in registrar operations. When a protected domain can move accounts without clear documentation, the real risk is not just downtime but total control-plane loss.

–The outage hit core infrastructure: DNS, email, and the website all went dark after the transfer
–Support friction made the incident worse, with repeated case resets, generic inboxes, and no clear incident owner
–The fact that the domain was restored by the accidental recipient, not by support, is the strongest signal that the workflow was broken
–For operators, this is a reminder to treat registrar access as a high-severity dependency and to have independent recovery paths
–The story also raises a broader trust question: if recovery can be triggered with ambiguous evidence, the process is vulnerable to both mistakes and abuse

// TAGS

infrastructuresafetygodaddy

DISCOVERED

6h ago

2026-04-26

PUBLISHED

9h ago

2026-04-26

RELEVANCE

5/ 10

AUTHOR

jamesponddotco