Go Daddy has finally fixed a huge privacy leak, first reported and publicized by Abdu Tarabichi back in March, that revealed partial e-mail addresses of domain owners.
The flaw gave anyone the ability to see a partial e-mail address of a registrant, even if the registrant had used Go Daddy’s privacy service, Domains by Proxy, Inc.
To see the partial e-mail address, all one had to do was try to retrieve a customer number online from Go Daddy’s main website. In the past, to retrieve a customer number online, you would select a product from a list (for example, “Domain Name”) and enter a security access code by retyping the graphic number shown on screen. Go Daddy would then display on screen a partially masked email address that corresponded to the domain name you entered, such as ****email.com.
In fact, it made it somewhat easy for domain sleuths to see which company registered a domain name, that is, if the company happened to use a corporate email address such as ***zynga.com.
Social gaming giant Zynga finally started using a generic Yahoo! email address in order to keep its domain registrations a better-kept secret. The company regularly uses Go Daddy’s privacy services, but after a number of stories revealed it was the owner of certain domain names, the company switched away from its company address.
The change to Go Daddy’s Account Retrieval System fixes the way that you retrieve customer numbers online.
Go Daddy now requires you to enter the email address on the account, as an additional step.
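The difference between the two flows, as an added sketch that is not Go Daddy's code: the old lookup answers a domain name with a masked address whose domain part is intact, while the new one only acts when the requester already knows the address on the account. The function names, the sample accounts, the four-star mask and the uniform reply are all assumptions made for illustration.

```python
import hmac

# Constructed sample data: domain -> (customer number, e-mail on the account).
ACCOUNTS = {
    "example-game.test": ("10000001", "domains@studio.example"),
    "private-blog.test": ("10000002", "jane.doe@mail.example"),
}
SENT = []  # stand-in for outbound mail: (recipient, customer number)
GENERIC = "If those details match an account, the customer number was e-mailed to it."


def mask_email(email):
    """Masking as in the article's '****email.com': local part and '@' hidden, domain kept."""
    return "****" + email.partition("@")[2]


def retrieve_old(domain):
    """Pre-fix flow: a domain name alone gets the masked address shown on screen."""
    account = ACCOUNTS.get(domain.strip().lower())
    return mask_email(account[1]) if account else "No account found."


def retrieve_new(domain, email):
    """Post-fix flow: the requester must supply the e-mail address on the account."""
    account = ACCOUNTS.get(domain.strip().lower())
    on_file = account[1].lower().encode() if account else b""
    supplied = email.strip().lower().encode()
    if account and hmac.compare_digest(on_file, supplied):
        SENT.append((account[1], account[0]))
    # Assumption: same reply for match, mismatch and unknown domain, so nothing is echoed.
    return GENERIC


if __name__ == "__main__":
    print(retrieve_old("example-game.test"))  # masked, but the company domain survives
    print(retrieve_new("example-game.test", "guess@other.example"))  # generic, nothing sent
    print(retrieve_new("example-game.test", "domains@studio.example"))
    print(SENT)
```

Masking only the local part is what made the old flow useful for attribution: a corporate mail domain identifies the registrant on its own.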
Here’s a look at the old way of doing things. Go Daddy has yet to update its Online Help.
3 replies on “Bad news for domain sleuths, Go Daddy finally fixes WHOIS Privacy leaks in Account Retrieval System”
[…] Although both domains are registered at Go Daddy and hidden behind its privacy service Domains by Proxy, it’s simple to reveal Amazon as the owner by using Go Daddy’s public Account Retrieval System, a system that in June addressed other privacy issues with the tool. […]
[…] the last year Zynga has improved its domain buying methods in order to keep its unreleased games a secret, including using a generic Yahoo! email address when […]
[…] As I wrote back then, KindleAir.com was the first hint, but I discovered that Amazon had also secretly acquired the domain names KindleEarth.com KindleWater.com on July 6, 2011. Both were registered at Go Daddy and hidden behind its privacy service Domains by Proxy, but it was simple to reveal Amazon as the owner by using Go Daddy’s public Account Retrieval System, which in June finally addressed other privacy issues with the tool. […]