GoDaddy Data Breach Impacts Over A Million Users, Expert Reactions


It has been reported that internet infrastructure company GoDaddy has admitted that a hacker gained access to the personal information of more than 1.2 million customers of its WordPress hosting service. In documents filed with the US Securities and Exchange Commission earlier today, GoDaddy said it discovered the breach last week, on November 17, after noticing "suspicious activity" in its Managed WordPress hosting environment. The subsequent investigation found that the hacker had had access to its servers for more than two months, since at least September 6.

9 Expert Comments
Javvad Malik, Security Awareness Advocate
InfoSec Expert
November 23, 2021 11:27 am

Any breach is unfortunate, especially where over a million customer records have been potentially compromised. Many individuals and small businesses rely on WordPress and GoDaddy to have a web presence, and this kind of breach can have a major impact.

While it's concerning that the attacker was in GoDaddy's servers for over two months, the response by GoDaddy has been very good. The company has reset exposed sFTP, database, and admin user passwords and is installing new SSL certificates. In addition, the company contacted law enforcement and a forensics team and notified customers. All of this is an ideal playbook from which other organisations could learn to better understand how to respond to a breach.

Last edited 7 months ago by Javvad Malik
Trevor Morgan, Product Manager
InfoSec Expert
November 23, 2021 11:27 am

The unfortunate GoDaddy hack that recently exposed customer data from over a million data subjects illustrates the fact that threat actors sometimes linger in data environments for days, weeks, or months before detection. We often think of hacks as quick strikes, when in reality many of them occur over time with the threat actor exercising patience and methodical tactics. We should all know by now that perimeter security and other traditional controls simply cannot keep out motivated threat actors who want to penetrate into a data ecosystem. For enterprises looking for a better solution, perhaps focus on incident mitigation rather than solely incident prevention (though this is important as well). To mitigate a hack, apply data-centric security such as tokenization or format-preserving encryption to render sensitive data elements incomprehensible to threat actors. They might get their hands on the target data, but if sensitive information cannot be read or compromised then the repercussions of the incident are greatly mitigated. Hopefully this message registers with more and more organizations moving forward.

Last edited 7 months ago by Trevor Morgan
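To make the "data-centric security" point above concrete, here is an added example (not code from the original page or from any vendor) of vault-based, format-preserving tokenization: the application stores only a random surrogate that keeps the length, character classes, separators and last four characters of the original, while the real value lives in a separate vault. A dump of the application database then yields tokens that reveal nothing about the originals. The `TokenVault` class, the sample card number and e-mail address are all constructed for this illustration.

```python
import secrets
import string


class TokenVault:
    """Minimal vault-based tokenization (illustrative, not a production product).

    tokenize() replaces a sensitive value with a random surrogate of the same
    shape (digits stay digits, letters stay letters with their case, separators
    such as '@' or '-' stay where they are, the last `keep_tail` characters are
    kept for display).  The value<->token mapping is held only in the vault, so
    a breach of the application database exposes tokens, not data.
    """

    def __init__(self, keep_tail: int = 4):
        self.keep_tail = keep_tail
        self._token_for = {}  # sensitive value -> token (vault-side only)
        self._value_for = {}  # token -> sensitive value (vault-side only)

    @staticmethod
    def _surrogate(value: str, keep_tail: int) -> str:
        """Build one random, format-preserving candidate token."""
        cut = len(value) - keep_tail
        head, tail = value[:cut], value[cut:]
        out = []
        for ch in head:
            if ch.isdigit():
                out.append(secrets.choice(string.digits))
            elif ch.isalpha():
                pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
                out.append(secrets.choice(pool))
            else:
                out.append(ch)  # separators keep their position
        return "".join(out) + tail

    def tokenize(self, value: str) -> str:
        """Return the token for `value`, creating one if this value is new."""
        if value in self._token_for:
            return self._token_for[value]  # deterministic per value, so joins still work
        cut = len(value) - self.keep_tail
        if cut <= 0 or not any(ch.isalnum() for ch in value[:cut]):
            # Nothing left to randomize: the token would equal the value and leak it.
            raise ValueError("value too short to tokenize with this keep_tail")
        while True:
            token = self._surrogate(value, self.keep_tail)
            if token != value and token not in self._value_for:
                break  # avoid collisions with the original or an existing token
        self._token_for[value] = token
        self._value_for[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """Resolve a token back to the original; only the vault can do this."""
        return self._value_for[token]  # KeyError for unknown tokens


if __name__ == "__main__":
    # Constructed sample values, not real customer data.
    vault = TokenVault()
    for original in ("4111111111111111", "alice@example.com"):
        token = vault.tokenize(original)
        print(f"{original} -> stored as {token} -> vault resolves {vault.detokenize(token)}")
```

The key design choices are that tokens are random rather than derived from the value (so there is nothing to brute-force from the token alone), that the same value always maps to the same token (so the application can still search and join on it), and that values with nothing left to randomize are refused rather than returned unchanged.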
Andrew Howard
InfoSec Expert
November 23, 2021 11:32 am

It was unfortunate but not surprising to hear of yet another major breach, this time of a popular Internet service that impacted more than 1.2M people. These kinds of attacks should be concerning because they don't require sophisticated cybersecurity weapons or techniques. In this instance, the attackers were able to compromise internal tooling that did not have multi-factor authentication, one of the simplest and strongest security protections available today.

The dwell time between the original unauthorized access and when the attack was found was almost two and a half months. While this is faster than the time it takes most firms to find attackers, it is still concerning for such a major service provider.

The attackers gained access to a lot more than just e-mail addresses and usernames. They were able to extract passwords and SSL keys that could enable more sophisticated attacks in other places. With the passwords and SSL keys, the attackers could have also extracted data from the hosted websites. Overall, while we are all numb to these frequent attacks, this particular one is showing to be especially impactful.

Last edited 7 months ago by Andrew Howard
Nick France, CTO
InfoSec Expert
November 23, 2021 11:45 am

Breaches like the GoDaddy incident, where a large number of private keys are compromised, will ultimately lead to events where the compromised certificates all need to be revoked in a very short space of time.

The impact this can have on businesses reliant on those certificates can be significant, especially on holiday weeks such as this. It highlights the importance of ensuring all enterprises manage their certificates, regardless of which CA they are from, in one interface so that the impact of such events can be minimized.

Last edited 7 months ago by Nick France
Ed Williams, Director EMEA, SpiderLabs
InfoSec Expert
November 23, 2021 12:13 pm

A breach of this size is particularly dangerous around the holidays. Hackers try to take advantage of every new email address and password exposed in an attempt to launch phishing attacks and social engineering schemes. Enterprises, SMBs, and individuals using frequently targeted platforms like WordPress should ensure they are following strong password best practices: complexity, frequent password changes, not sharing passwords between applications, and multi-factor authentication. If possible, utilize an authenticator app to secure your account instead of traditional two-factor authentication via SMS, as hackers have recently been targeting users with specialized SMS phishing.

Last edited 7 months ago by Ed Williams
Amit Amit, Director of Product Management
InfoSec Expert
November 24, 2021 12:53 pm

One of the biggest concerns following any password breach is the threat of additional Account Takeovers (ATOs) on other sites due to password reuse. Cybercriminals leverage these types of data breaches for financial gain by selling the stolen credentials on the Dark Web. These stolen credentials are then used for credential stuffing and ATO attacks, which can steal value, whether that is in the form of gift cards, credit card numbers, loyalty points, or false purchases. ATO attacks are a major threat to any business, and all of this just creates more fuel to feed the ATO attack fire.

It is much simpler and more lucrative to walk in through the front door of a digital business with valid stolen credentials than to look for holes in an organization's cybersecurity defenses. PerimeterX research found that 75-85% of all login attempts in the second half of 2020 were account takeover attempts.

Organizations need to be aware of signs that they've been attacked. These can include surges in help desk calls, spikes in password resets and inhuman user behaviors, such as thousands of login attempts on an account in a short time period, and then take the appropriate action to block these attacks. And on the flip side, consumers need to ensure they are using varied and robust passwords across different websites and applications and lock down their credit reports as well. A layered defense model is considered the most powerful, especially when it can react to both disclosed and undisclosed breaches.

Last edited 7 months ago by Amit Amit
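The comment above lists the signals a defender should watch for after a credential leak: bursts of login attempts against one account, one source trying many accounts (credential stuffing), and spikes in password resets. As an added example (not code from the original page or from PerimeterX), the following runs those three checks over a constructed authentication log. The log format, the `203.0.113.x`/`198.51.100.x`/`192.0.2.x` addresses (documentation ranges) and the usernames are all made up for the illustration; the thresholds are parameters a real deployment would tune against its own baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) event=(?P<event>\S+)$")


def _sample_log() -> str:
    """Constructed auth log: not real data. One 'timestamp ip user event' line per event."""
    lines = []
    # Credential stuffing: one source walks a list of leaked usernames within seconds.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin"]):
        lines.append(f"2021-11-24T12:00:{i:02d}Z ip=203.0.113.5 user={user} event=login_failure")
    # Brute force against a single account: 12 attempts in 12 seconds.
    for i in range(12):
        lines.append(f"2021-11-24T12:00:{10 + i:02d}Z ip=198.51.100.7 user=frank event=login_failure")
    # Normal traffic.
    lines.append("2021-11-24T12:01:00Z ip=192.0.2.9 user=grace event=login_success")
    # Surge of password resets after a breach announcement: 5 in about 2 minutes.
    for i, user in enumerate(["heidi", "ivan", "judy", "mallory", "oscar"]):
        lines.append(f"2021-11-24T12:0{2 + i // 2}:{(i % 2) * 30:02d}Z ip=192.0.2.{20 + i} "
                     f"user={user} event=password_reset")
    return "\n".join(lines)


def parse(log: str):
    """Parse log lines into (timestamp, ip, user, event) tuples, oldest first."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the detector
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["ip"], m["user"], m["event"]))
    events.sort(key=lambda e: e[0])
    return events


def burst_accounts(events, max_attempts: int = 10, window_s: int = 60):
    """Accounts with more than max_attempts login attempts inside a sliding window."""
    recent, flagged = defaultdict(deque), set()
    for ts, _ip, user, event in events:
        if not event.startswith("login_"):
            continue
        q = recent[user]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > max_attempts:
            flagged.add(user)
    return flagged


def spraying_sources(events, max_accounts: int = 3, window_s: int = 60):
    """Source IPs that try more than max_accounts distinct accounts inside a window (stuffing)."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip, user, event in events:
        if not event.startswith("login_"):
            continue
        q = recent[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if len({u for _, u in q}) > max_accounts:
            flagged.add(ip)
    return flagged


def peak_password_resets(events, window_s: int = 3600) -> int:
    """Highest number of password resets seen in any sliding window (compare to your baseline)."""
    q, peak = deque(), 0
    for ts, _ip, _user, event in events:
        if event != "password_reset":
            continue
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def findings(events, reset_baseline_per_hour: int = 2) -> dict:
    """Collect the three ATO signals into one report."""
    peak = peak_password_resets(events)
    return {
        "brute_forced_accounts": sorted(burst_accounts(events)),
        "stuffing_sources": sorted(spraying_sources(events)),
        "peak_resets_per_hour": peak,
        "reset_spike": peak > reset_baseline_per_hour,
    }


EVENTS = parse(_sample_log())

if __name__ == "__main__":
    for key, value in findings(EVENTS).items():
        print(f"{key}: {value}")
```

The sliding-window approach is deliberately chosen over fixed buckets so that an attack straddling a minute boundary is not split in two and missed; the response to a flagged source or account (rate limiting, step-up authentication, forced reset) is left to the caller, since that depends on the business.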
Todd Carroll, CISO
InfoSec Expert
November 24, 2021 1:47 pm

We can't express enough the importance of strong password security standards and good hygiene. Even with these in place, however, breaches can still happen. When organizations provide third parties with data or access to production systems, their security is no longer within their control. It is critical for companies to regularly monitor outside their immediate perimeter and identify exposed credentials well before they are leveraged by hackers and lead to data breaches like this.

Last edited 7 months ago by Todd Carroll
Anurag Kahol, CTO
InfoSec Expert
November 24, 2021 2:07 pm

With many internet users holding dozens of online accounts across various services, it has become more difficult for them to memorize numerous, complex passwords. Unfortunately, password reuse has become a common malpractice that increases the chances of account hijacking when one set of a user's credentials is leaked. More than 80% of hacking-related breaches are tied to lost or stolen credentials, and it is now self-evident that passwords alone are not enough when it comes to authenticating users.

Consumers and businesses must work together to ensure the privacy of corporate and personal data. To properly verify the identities of their employees and customers, companies must enhance their security protocols by establishing continuous, context-based security throughout the entire login experience. Solutions like multi-factor authentication (MFA) and single sign-on (SSO) don't require users to remember countless passwords, while also mitigating the risk of account compromise. On a consumer level, users can safeguard their digital identity by educating themselves on the risks of password reuse, following cybersecurity best practices, and staying informed on rising threats. Because we now live in a time when our daily lives revolve around the internet and our various accounts therein, identity management awareness has never been more critical.

Last edited 7 months ago by Anurag Kahol
Danny Lopez, CEO
InfoSec Expert
November 24, 2021 2:11 pm

Reports of hackers gaining access to web hosting companies such as this are troubling, given the amount of data such businesses hold and the ramifications if it falls into the wrong hands.

Organisations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It's vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible is a vital defence where user credentials find their way into the public domain. This will help to limit the blast radius and, in most cases, defeat the data breach.

Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers, it is crucial to strengthen all processes relating to access verification. Without a zero trust approach, organisations run the risk of attackers having free rein across a network once they are inside.

Last edited 7 months ago by Danny Lopez
Information Security Buzz