GoDaddy DNS breach

Hello,

GoDaddy has recently suffered from a vulnerability allowing 3rd parties to hijack DNS records for a lot of domains, some high-profile domains among them, belonging for example to Mozilla.

See https://arstechnica.com/information-technology/2019/01/godaddy-weakness-let-bomb-threat-scammers-hijack-thousands-of-big-name-domains/

This raises the question of whether the hijacked domains have only been used for spam. There is a real risk of certificate misissuance.

This problem of course isn’t unique to Let’s Encrypt, but the automated nature and scale of the service make it an attractive target.

Has any work been done to make sure no certificates were issued to attackers? I monitor certificate transparency logs for my own domains (then again I don’t use GoDaddy), but I’m pretty sure that I’m the exception in that regard. Even doing so, spotting offending certs wouldn’t be easy, as the only indicator would be an unusual issue time/date.

I’d like to know if a process for such events is in place and if any steps were taken to mitigate risks.

Thank you for your amazing service.

2 Likes
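
The CT check described in the post, as an added example that is not part of the original post: reconcile certificates seen in CT logs against your own issuance records and rank the unexplained ones by whether they were issued inside a suspected hijack window. The entry field names, serials, domains and window dates below are constructed assumptions.

```python
from datetime import datetime, timezone

def _utc(ts):
    """Parse an ISO-8601 timestamp and treat it as UTC."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)

def unexplained_certs(ct_entries, own_serials, window_start, window_end):
    """Return CT entries that our own issuance records cannot explain.

    Entries issued inside the suspected DNS-hijack window are ranked first.
    """
    known = {s.lower() for s in own_serials}
    start, end = _utc(window_start), _utc(window_end)
    findings = []
    for entry in ct_entries:
        if entry["serial_number"].lower() in known:
            continue  # we requested this certificate ourselves
        issued = _utc(entry["not_before"])
        findings.append({
            "serial_number": entry["serial_number"],
            "names": sorted(set(entry["name_value"].split("\n"))),
            "issuer": entry["issuer_name"],
            "issued": issued,
            "in_window": start <= issued <= end,
        })
    # In-window findings first, then oldest first within each group.
    findings.sort(key=lambda f: (not f["in_window"], f["issued"]))
    return findings

# Constructed sample data: field names are assumed, values are made up.
def _e(serial, names, not_before):
    return {"serial_number": serial, "name_value": names,
            "issuer_name": "Example CA", "not_before": not_before}

SAMPLE_CT = [
    _e("0a11", "example.test", "2018-12-01T10:00:00"),
    _e("0B22", "example.test\nwww.example.test", "2019-01-05T09:30:00"),
    _e("0c33", "mail.example.test", "2019-01-07T03:12:00"),
    _e("0d44", "old.example.test", "2018-11-20T14:00:00"),
    _e("0e55", "www.example.test\nexample.test", "2019-01-06T22:45:00"),
]
OWN_SERIALS = ["0a11", "0b22"]   # from our own ACME client / CA account logs
WINDOW = ("2019-01-04T00:00:00", "2019-01-09T00:00:00")  # constructed dates

if __name__ == "__main__":
    for f in unexplained_certs(SAMPLE_CT, OWN_SERIALS, *WINDOW):
        tag = "IN WINDOW" if f["in_window"] else "review"
        print(f"{tag:9} {f['serial_number']} {f['issued']:%Y-%m-%d %H:%M} {f['names']}")
```

Issue time alone only ranks the findings; the signal is a logged certificate with no matching record on your side.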