A friend with a small business experienced an unauthorized login to their business domain registered and hosted by GoDaddy on 8/26.
It began with a notification that someone logged into the GoDaddy account from an Android device in Queens. This was followed by a series of logins from various cities, including San Francisco, New Orleans, Rio de Janeiro, Rome, Kinshasa, Karachi, Bangkok, and finally Beijing.
This is crucial, the login activity you described is a strong indication of unauthorized access to your friend’s GoDaddy account. The series of logins from various locations around the world suggests a malicious attempt to gain control of the business domain. Here are some recommended actions for your friend to take: Secure the GoDaddy account by changing the password immediately.
A strong password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. Enable two-factor authentication (2FA) for added security. 2FA requires a second factor, such as a code from a phone app, in addition to the password to log in. This makes it much more difficult for unauthorized users to access the account.
You should always ensure that the domain lock for all domains registered under the account has not been disabled. This prevents someone from transferring a domain, thus stealing it from you.
Getting email access to send phishes and spam is probably the aim. Make sure your acquaintance confirms that no new email addresses have been set up under their domain.