Data Breach Confirmed by GoDaddy: What You Need to Know
It’s the world’s largest domain registrar with 19 million customers, but that hasn’t spared GoDaddy from a data breach that impacted its web hosting account credentials.
Apart from those 19 million customers, GoDaddy plays host to millions of websites and manages 77 million domains; it certainly isn’t a small company and is known across the world for the management and hosting services it provides. It is interesting to note that Forbes cybersecurity contributor, Davey Winder, wrote in a recent article that an “unknown number of customers have been informed that their web hosting account credentials have been compromised.”
GoDaddy later told BleepingComputer, in an official statement, that roughly 28,000 customers’ hosting accounts were affected.
What do we know about the GoDaddy breach?
So far, not a lot of information has been released. The data breach was confirmed in an email signed by GoDaddy CISO and Vice-President of Engineering, Demetrius Comes. The email advised that the security breach was recognised after suspicious activity was identified on some of GoDaddy’s servers. The concern is that it took so long to recognise: the Department of Justice in California, where the disclosure notification email sample was filed, indicates that the breach occurred back in October 2019.
Comes’ email advised that upon investigation of the data breach, GoDaddy staff determined that an unauthorised individual gained access to login credentials that meant they could “connect to SSH” on the affected hosting accounts. For those not so tech savvy, SSH is short for Secure Shell, a network protocol used by system administrators to access remote computers.
SSH security is extremely important as it is used to access the most critical assets of an organisation. Yana Blachman, a threat intelligence specialist at Venafi, told Winder that it is vital that organisations use the highest security level of SSH access and disable basic credential authentication. She notes that using machine identities involves “implementing strong private-public key cryptography to authenticate a user and a system.”
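To make the advice about disabling basic credential authentication concrete, here is an added example (not from the original article, Forbes, Venafi or GoDaddy) that audits the text of an OpenSSH `sshd_config` for password-style logins left enabled. It assumes upstream OpenSSH defaults, does not follow `Include` files, and uses constructed sample configurations.

```python
# Upstream OpenSSH defaults used when a keyword is absent (assumption: no
# distribution patches or Include'd drop-in files change them).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "permitemptypasswords": "no"}
# Deprecated alias that still appears in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Key-only login: passwords and keyboard-interactive off, public keys on.
WANTED = {"passwordauthentication": "no", "kbdinteractiveauthentication": "no",
          "pubkeyauthentication": "yes", "permitemptypasswords": "no"}


def audit_sshd_config(text):
    """Return findings where password-style SSH logins remain possible."""
    effective, findings, match_ctx = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop comments; keyword and value are split by whitespace or one '='.
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = " ".join(parts[1:])
        if key == "match":
            match_ctx = value          # later lines apply only to this block
        elif key in WANTED and match_ctx is None:
            effective.setdefault(key, value.lower())   # first value wins
        elif key in WANTED and value.lower() != WANTED[key]:
            findings.append(f"line {lineno}: Match {match_ctx} sets {key} {value}")
    for key, wanted in WANTED.items():
        got = effective.get(key, DEFAULTS[key])
        if got != wanted:
            findings.append(f"global: {key} is {got}, expected {wanted}")
    return findings


# Constructed sample configs, not taken from any real host.
WEAK = """\
Port 22
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
Match User legacy
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sshd_config(cfg))
```

The weak sample shows why a later `PasswordAuthentication no` does not help when an earlier `yes` is present, and the second sample shows a `Match` block quietly re-enabling passwords for one user. On a live host, `sshd -T` prints the effective configuration and is the better source of truth.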
Are you affected by the GoDaddy breach?
The important part of Comes’ email is its statement that the breach was limited to hosting accounts and not customer accounts, which means the personal information stored in those customer accounts wasn’t breached. GoDaddy found no evidence that suggested the modification or addition of files on the affected accounts, but, tellingly perhaps, they didn’t mention if any of those files had been viewed or copied.
GoDaddy has, however, assured customers that all impacted hosting account logins have been reset, and that an email has been sent to affected customers with the procedures needed to regain access to their hosting accounts. They have also recommended that users audit their own hosting accounts to ensure everything is in order.
Free services to affected customers
GoDaddy have advised that they will provide complimentary security and malware removal services for a year to affected customers, expressing their regret that this incident occurred.
It is important to note that GoDaddy’s offer of free services shows that the breach in hosting accounts was unlikely to be the fault of the customer.
In his article, Winder notes that the investigation into the GoDaddy breach is far from over. While GoDaddy’s email noted that the attacker had been blocked from their systems, it also stated that they are continuing to look at any potential impact across its environment.
This is the second major security incident GoDaddy have dealt with in the space of a few weeks. Winder notes that at the end of March 2020, a former Washington Post journalist, Brian Krebs, detailed how a GoDaddy employee had fallen victim to a spear-phishing attack which led to the hacking of a small number of GoDaddy domain customers.
BleepingComputer also reports that in 2019, scammers used hundreds of compromised GoDaddy accounts to create 15,000 subdomains, some attempting to impersonate popular websites, to redirect potential victims to spam pages.