GoDaddy Data Breach – What You Need to Know

While we have all been busy adjusting to the new normal, cybercriminals are having a fun time, taking advantage of the disrupted environment to carry out cyberattacks and target more users. For them, 2021 is the golden year: with an increase in the number of people working remotely, cyberattacks have become easier to carry out. A recent study shows that the number of data breaches in 2021 has almost doubled, and about 80% of attacks took place due to simple brute force attacks.

2021 Data Breach & Cyber Attack Facts –

  • 5258 confirmed breaches in 2021
  • 11% increase in the number of phishing attacks
  • 6% increase in the number of phishing attacks using ransomware
  • 85% of breaches involve the human element
  • 80% discovered by third parties
  • The financial impact of data breaches crosses $21659

These figures ring alarm bells and raise serious concerns regarding data security, and the worst part is that these cyberattacks aren’t limited to technologically weak enterprises. Big names with robust data security measures are targeted too. A recent example of this is the GoDaddy data breach that exposed over a million user accounts.

GoDaddy Data Breach

What is the GoDaddy Data Breach?

In a filing with the Securities and Exchange Commission, GoDaddy confirmed a data breach affecting 1.2 million customers that jeopardized customers’ usernames, email addresses, numbers, and passwords. In Sept, the company detected unauthorized access to the systems where it hosts and manages customers’ WordPress (an online content management system) servers.

At first, it looked like only the managed WordPress feature was affected. However, subsidiaries that sell services, such as 123Reg, Host Europe, Domain Factory, tsoHost, Media Temple, and Heart Internet, were also affected. In simple words, more users were affected than the figure given by GoDaddy.

How did the attack take place?

GoDaddy said that attackers used a compromised password to get access to the system. However, it is not clear whether the compromised password was protected by two-factor authentication or not. In addition, the site-building tool known as Managed WordPress, which allows users to create and host their WordPress installs on GoDaddy, is also held responsible.

Adding to this, Robert Prigge, CEO of Jumio, said, “the issue happened due to a vulnerability of relying on credentials to authenticate users, as it was caused by unauthorized access via a compromised password.”

When did the attack take place?

The attack began on Sept 6; however, cybercriminals were able to steal data for over two months, until GoDaddy discovered the breach on Nov 17, 2021.

“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Demetrius Comes, GoDaddy CISO, confirmed.

What data was compromised?

  • Email addresses and customer numbers for 1.2 million active and inactive Managed WordPress customers
  • sFTP (Secure File Transfer Protocol – a file transfer protocol that allows users to upload and download files from a hosting server via a secure connection).
  • SSL private keys “for a subset of active customers, used to authenticate websites to internet users, enable encryption and prevent impersonation attacks. GoDaddy is in the process of issuing and installing new certificates for affected customers.”
  • Actual WordPress administrator-level passwords.
  • Database usernames and passwords. Passwords are now reset.

Is resetting passwords and private keys enough to protect 1.2 million users’ affected data?

How can we stay safe from such attacks?

There is no 100% proven way to stay protected. However, if online organizations switch to secure alternatives like biometric authentication, the risk from compromised passwords can be reduced. Businesses also need to do a thorough security check and keep things patched.

Is the threat over?

It doesn’t look like it: in a statement to the SEC, GoDaddy said that the exposed data can easily be used to conduct phishing attacks or to impersonate customers’ services and websites.

This clearly shows that, instead of closing the door, GoDaddy has opened Pandora’s box.

Moreover, GoDaddy had enough time to patch things, but the company did nothing. Instead, it changed the passwords of affected websites, which is by no means enough. On top of this, the company said nothing about identifying and fixing compromised databases or deleting rogue administrator accounts. This means the threat is not gone; to stay secure, users need to be more cautious.
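One check a site owner can run for the rogue administrator accounts mentioned above is to list every administrator registered during the Sept 6 to Nov 17 window. This is an added example, not code from GoDaddy or from this article; it assumes the stock WordPress `wp_users`/`wp_usermeta` tables with the default `wp_` prefix, and the sample rows are constructed and loaded into in-memory SQLite so the query runs offline.

```python
import sqlite3

# Exposure window reported in the article: Sept 6 to Nov 17, 2021.
WINDOW = ("2021-09-06 00:00:00", "2021-11-17 23:59:59")

# Assumes the stock WordPress schema with the default wp_ table prefix.
# Roles live in wp_usermeta under 'wp_capabilities' as a PHP-serialized array.
QUERY = """
SELECT u.ID, u.user_login, u.user_registered
FROM wp_users u
JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
  AND u.user_registered BETWEEN ? AND ?
ORDER BY u.user_registered
"""

def admins_created_in_window(conn, window=WINDOW):
    """Return (ID, login, registered) for admins created inside the window."""
    return conn.execute(QUERY, window).fetchall()

def build_sample_db():
    """Constructed rows standing in for a real site's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT,
                                  meta_value TEXT);
    """)
    users = [
        (1, "siteowner", "2019-03-12 09:15:00", "administrator"),
        (2, "editor_jane", "2021-10-01 11:02:45", "editor"),
        (3, "unknown_admin", "2021-10-14 03:22:10", "administrator"),
        (4, "new_hire", "2021-12-02 14:30:00", "administrator"),
    ]
    for uid, login, registered, role in users:
        conn.execute("INSERT INTO wp_users VALUES (?, ?, ?)",
                     (uid, login, registered))
        caps = 'a:1:{s:%d:"%s";b:1;}' % (len(role), role)
        conn.execute("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)",
                     (uid, caps))
    return conn

if __name__ == "__main__":
    for row in admins_created_in_window(build_sample_db()):
        print("review:", row)
```

On a live site the same query runs against MySQL or MariaDB. Because anyone holding the database password could also edit `user_registered`, an empty result is a starting point, and every administrator account still deserves a manual review.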

Wrap Up –

The above example shows how cybercriminals operate and that they leave no chance to exploit an undetected vulnerability. If organizations want to keep a check on these attacks, they need to put security measures in place and look for weaknesses. Unless they patch them, data breaches like these are going to keep taking place:

  • Whitehat Jr, a data breach exposing data of 2.8 lakh students and teachers.
  • BigBasket, the data breach that affected the data of over 2 crore customers.
  • Twitter data breach where cybercriminals hacked verified accounts of influential and well-known personalities.
  • Marriott’s data breach, which exposed data of more than 5.2 million, and more.

So, now it is up to users and organizations how they want to fix things. What is your take on this? Do share your opinion in the comments section.


wethegeek