GoDaddy.com Hits Crisis Mode

GoDaddy.com crashed on Monday, September 10th, and it took thousands of other sites down with it.

Simply put, GoDaddy.com was hacked and their DNS servers were taken down went down faced an internal error prompting a cascade of crashes. In  layman’s terms, this means if you purchased a domain or host your site with the company, your site was down. Customers were becoming more agitated by the minute, and by 1 pm (Eastern) GoDaddy.com had a full-scale crisis on its hands. My personal websites are hosted with the company, so as a customer my interaction with the site went exactly like this:

Upon realizing that the site was down, I Googled “GoDaddy customer service phone number” only to find that the phones seemed to be down as well. I then pulled up Twitter.com/GoDaddy where I saw that they were cognizant of the  problem and were in the process of trying to rectify it.

After seeing the Twitter update, I chalked it up to a small, temporary issue and went about my day. But then reports of a hack started to surface and Mashable.com later confirmed the news.

GoDaddy certainly found itself in a hard spot because phone systems were jammed, or down, and they had a very limited way of disseminating updates to customers. Granted, the company did leverage Facebook and Twitter to share some updates, albeit somewhat vague ones.

Almost 24-hours later, many customers have their websites back up and running, but GoDaddy could face implications that severely cost the company if certain steps are not taken. And for that, it’s worth a refresher of some standats Crisis Communications protocol that can apply to almost any organization facing an issue:

  • Acknowledge the crisis (tell the truth)
  • Let customers know who was impacted
  • Provide periodic updates so customers aren’t left in the dark
  • Explain the steps that will be taken to prevent these types of attacks in the future
  • Once the issue is resolved, develop an ongoing communications plan to highlight precautionary security measures that are in place so customers rest assured that their websites are “safe”

Prior to writing this post I, for the first time since yesterday, went to GoDaddy.com to see if they had any sort of messaging on their homeage and, sure enough, they did. As of this writing it reads,

NOTICE:

At 10:25 am PT, GoDaddy.com and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT. At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support.

As a customer I’d love a little more detail, but am happy to know that my customer data was not compromised. I have zero inside knowledge of the situation, but I’d imagine that a letter from the company’s CEO will be sent to customers later today providing additional detail and touching on security measures that are being put in place. This communication should reiterate the five crisis communication steps outlined above, and could be the company’s first attempt at turning a negative into a positive.

We’ll see if I get that email.