Security Incident 5:07pm to approximately 7:00pm PST 31 March 2020

Security Incident 5:07pm to approximately 7:00pm PST 31 March 2020

Dear Customers:

At 5:07pm PST today, hackers got access to our domain registry account for the Escrow.com domain through a breach of our domain registrar’s systems.

Our team immediately learned of the situation and within minutes were working with the registrar to regain access to the account. We regained control of DNS by approximately 7:00pm PST.

During the incident the hackers changed the DNS records for Escrow.com to point to to a third party web server that displayed the following message:

We wish to make clear that:

• No Escrow.com systems were compromised.
• The registry account solely contained Escrow.com owned domains.
• No accounts holding customer domains were compromised.
• No customer data was accessed.
• No customer funds were accessed or at risk.

During the incident, our security team managed to talk to the hacker on the phone. For over an hour the hacker attempted to convince what he thought were domain registry operations to regain access to the account.

During this phone call, our security team learned that the route of entry was that the hacker had unlawfully accessed our registrar’s internal support systems and was using them to make changes on Escrow.com’s account.

Over the coming days, we will be discussing the experience publicly to educate the wider community on these hacking and social engineering techniques.

We wish to thank the domain registrar for their speed and coordination with us in resolving this matter.

Regards,

Matt Barrie
Chief Executive
Escrow.com