GoDaddy Breach Raises Customer Concerns


In September, up to 1.2 million GoDaddy hosting customers were exposed by a data breach that went undetected for over two months. GoDaddy is one of the world's largest internet service platform providers. Its services include domain registry and web hosting for over 20 million customers worldwide and there are more than 82 million domain names registered through its services. The GoDaddy breach is just the latest example of the increased security risks you can encounter whenever your data is hosted by a third party. 

Inadequate security leads to customer data exposure

Wordfence, a security provider for WordPress sites, reported that the breach was caused by inadequate security in GoDaddy's Managed WordPress hosting environment. The Wordfence article goes into specifics, but in short, the inadequacies gave the attacker easy and direct access to the usernames and passwords for up to 1.2 million Managed WordPress customers. The full extent of GoDaddy customer data that was exposed included:

  • Email addresses

  • Customer numbers

  • Original WordPress administrator passwords

  • Secure FTP (SFTP) usernames and passwords

  • Database usernames and passwords

  • SSL private keys

On November 24, Search Engine Journal reported that the breach has now spread to six more hosts who are resellers of GoDaddy’s hosting services:

  • 123Reg

  • Domain Factory

  • Heart Internet

  • Host Europe

  • Media Temple

  • tsoHost

GoDaddy has stated in an email to impacted account holders that the breach was limited to the hosting accounts’ credentials and did not involve customer accounts or the personal information stored within them. However, Wordfence reported that hackers with access to website databases could potentially gain access to sensitive customer data stored on the ecommerce sites.

What can the attacker do with this information?

Exposure to phishing attacks is probably the most common result that could arise from the breach, but there are other risks as well. With over two months of access, an attacker could have uploaded malware or added a malicious administrative user to the affected sites. This could allow the attacker to control sites even after their passwords have been changed. The attacker could also gain control of sites that still use their original default passwords. On sites where the SSL private key was exposed, an attacker could potentially perform a man-in-the-middle (MITM) attack that could intercept encrypted traffic between the site and any visitor.

Key risks to customers

In the wake of a security breach like the GoDaddy hack, when an unauthorized user accesses or obtains customer data, current and former customers face several key risks:

  • Phishing Attacks - With up to 1.2 million customer email addresses and GoDaddy account numbers exposed, attackers can use this information to phish for additional personal information from customers through legitimate-looking emails.

  • Identity Theft - Through additional phishing, attackers can attempt to gather personal and financial information. With this information, they can try to assume the identity of the victim to access sensitive financial information or to try to establish new credit cards or personal loans under the victim’s identity.

  • Unauthorized Access and Control of Customer’s Websites - With a customer’s site exposed to an unauthorized party, there’s a risk that customers may have their sites impersonated or that additional sites can then be accessed and compromised.

What to do if your site is hacked

GoDaddy issued its own recommendations for what to do if a site has been compromised by a hack. Naked Security expanded on the GoDaddy recommendations with additional steps that GoDaddy Managed WordPress customers should follow as an extra precaution for their sites:

  1. Verify that GoDaddy has your updated contact information and watch for emails from GoDaddy about the incident. 

  2. Confirm or enable multi-factor (2-factor) authentication for your account.

  3. Review all of the files on your site, particularly those in WordPress plugin and theme directories. Attackers can attempt to use malicious plugins to get back into your account.

  4. Review all accounts on your site. Another trick cybercriminals use is to create new accounts with usernames that closely match your account names to try to sneak back in later.

  5. Be wary of anyone who contacts you with an offer to help clean up your site. Cybercriminals could be using your compromised email to reach out to you.
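The account review in step 4 can be scripted. The following is an added example, not code from GoDaddy, Naked Security or Wordfence: it compares the site's current users against a baseline of accounts you know you created and flags lookalike logins and unexpected administrators. The account names, the CSV layout (login and role columns, for instance from WP-CLI's `wp user list --fields=user_login,roles --format=csv`) and the similarity threshold are assumptions.

```python
import csv
import io
from difflib import SequenceMatcher

# Constructed sample: accounts you know you created (your baseline).
KNOWN = {"admin", "jsmith", "shop_manager"}
# Constructed sample export of the site's current users (login, role).
CURRENT_CSV = """user_login,roles
admin,administrator
jsmith,editor
shop_manager,shop_manager
adm1n,administrator
j.smith,subscriber
newsletter,subscriber
backupsvc,administrator
"""

# Character swaps commonly used to make one login resemble another.
SWAPS = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s", "$": "s", "@": "a"})

def normalize(login):
    """Lowercase, drop separators, and fold look-alike characters together."""
    stripped = "".join(c for c in login.lower() if c not in "._- ")
    return stripped.translate(SWAPS)

def audit(known, current_csv, threshold=0.85):
    """Return (login, role, reason) for each account outside the baseline that needs review."""
    known_norm = {normalize(k): k for k in known}
    findings = []
    for row in csv.DictReader(io.StringIO(current_csv)):
        login, role = row["user_login"], row["roles"]
        if login in known:
            continue
        norm = normalize(login)
        match = known_norm.get(norm)
        if match is None:
            # Fuzzy fallback catches an inserted or dropped character.
            score, best = max(((SequenceMatcher(None, norm, k).ratio(), k)
                               for k in known_norm), default=(0.0, None))
            match = known_norm[best] if score >= threshold else None
        if match:
            findings.append((login, role, f"looks like '{match}'"))
        elif "administrator" in role:
            findings.append((login, role, "administrator not in baseline"))
    return findings

if __name__ == "__main__":
    for login, role, reason in audit(KNOWN, CURRENT_CSV):
        print(f"{login:12} {role:15} {reason}")
```

Anything the script flags still needs a manual decision; an account that is absent from the baseline but not flagged, such as a new subscriber, is simply outside what this check looks for.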

Protection from phishing and malware attacks

As a consumer or small business owner, protecting yourself from impending phishing attacks that may result from a breach is critical to your security. A good rule of thumb is to assume that hacks and compromises to the third-party systems we rely on are a way of life these days. Stopping attacks from occurring by protecting your home or small business network can keep your systems and devices protected.

An effective way to provide this protection is by implementing an advanced and comprehensive cybersecurity solution that guards your home or small business from cyberthreats and blocks phishing and malware attacks automatically. Okyo Garde provides this level of protection.

Okyo Garde is built on industry-leading threat intelligence technology by Palo Alto Networks that is trusted by 96% of Fortune 100 companies for their enterprise cybersecurity. When an outside incident like the GoDaddy breach occurs, having a holistic security system in place, such as Okyo Garde, will keep the connected devices on your network protected from cyberattacks and phishing attempts.

Editorial note: Our articles provide educational information to help keep you protected. Our products may not secure you against every type of cyberthreat, crime, or fraud. Our goal is to increase awareness and raise attention to cyber safety. If you choose to use Okyo Garde, please review the complete terms during purchase and setup.

Copyright © 2021 Palo Alto Networks Inc. All rights reserved. Other names may be trademarks of their respective owners.