GoDaddy Inc. has suffered a data breach with the web hosting accounts of some 28,000 customers affected.
The data breach itself involved an unknown person accessing accounts using SSH in October, with the breach only discovered late last month when GoDaddy noticed suspicious activity on several servers.
Affected customers have had their hosting account login information reset to prevent further access and have been advised to conduct an audit of their hosting accounts to make sure that everything is in order. GoDaddy said in a statement that it had “no indication the individual used our customers’ credentials or modified any customer hosting accounts” and that “the individual did not have access to customers’ main GoDaddy accounts.”
“It is astonishing that GoDaddy was unable to detect unauthorized access to SSH account credentials for about eight months,” James Carder, chief security officer and vice president of LogRhythm Labs told SiliconANGLE. “It is easy to assume that GoDaddy, as the world’s largest domain registrar, would have proper security in place to prevent, detect, and respond to these types of threats. GoDaddy should have had stricter SSH security measures in place rather than just a simple username and password.”
Dr. Vinay Sridhara, chief technology officer of enterprise cybersecurity firm Balbix Inc., noted that “the unauthorized individual had plenty of time to access login credentials of SSH accounts and even though GoDaddy has confirmed that the individual is now blocked from their systems, the account credentials have still been compromised.”
“Unfortunately, so many consumers have poor password hygiene and use weak and reused credentials for several of their online accounts – if not all of them,” Sridhara added. “Every GoDaddy customer must make certain that any matching or similar login credentials to personal and/or work accounts have been updated using unique passwords, and be on high alert for forthcoming targeted attacks. This is especially critical to consider amid COVID-19, given that cyberattacks related to the pandemic continue to rise.”
Mark Rogan, dynamic application security testing manager for vulnerability verification Europe at application security company WhiteHat Security Inc., said that “there are few breaches that are more serious to account owners than this. If an attacker gains access to the Admin credentials for a website, then the sky’s the limit as to what they can do. They could delete the entire website, which would result in a temporary outage until a backup was restored, or they could deface the site with whatever they chose to damage its reputation.”
“The more serious result would be if the attacker were to mass install harmful scripts on the site that infected all users visiting the page,” Rogan explained. “This could possibly lead to the users’ personal devices being compromised. The main concern here is the end-user would have no way of knowing the site they are on is compromised, and they would likely have full trust in whatever the site may ask of them.”
There are still some unknowns about the data breach. “It’s unclear whether GoDaddy’s reported incident was because of the re-use of previously stolen credentials or from brute force attacks,” Matt Walmsley, EMEA director at cloud-native protection firm Vectra AI Inc. said. “There have also been recent reports of GoDaddy’s support employees being successfully phished, which might be connected. Regardless of how the unauthorized access was gained, it’s a sharp reminder that the monitoring of how privileged credentials are used, not just granted, can make the difference between detecting an active attack and being blissfully ignorant to a breach.”
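Walmsley’s point about monitoring how privileged credentials are used, and Carder’s about SSH protected by nothing more than a username and password, can be turned into a simple detection rule. The following is an added example, not code from the article or from GoDaddy: it scans constructed sshd log lines and flags successful logins that used a password rather than a key, or that came from an address outside each account’s baseline (KNOWN_SOURCES is a hypothetical allow-list assumed to be built from a trusted earlier period).

```python
import re
from collections import defaultdict

# Constructed sshd log lines for illustration; not from the incident described above.
SAMPLE_LOG = """\
Oct 19 02:14:07 web01 sshd[2211]: Accepted publickey for deploy from 203.0.113.10 port 51122 ssh2: RSA SHA256:abc
Oct 19 02:15:40 web01 sshd[2230]: Accepted password for deploy from 198.51.100.77 port 40211 ssh2
Oct 19 02:16:02 web01 sshd[2235]: Failed password for root from 198.51.100.77 port 40212 ssh2
Oct 20 09:01:11 web01 sshd[3102]: Accepted publickey for deploy from 203.0.113.10 port 51200 ssh2: RSA SHA256:abc
Oct 21 03:44:59 web01 sshd[3311]: Accepted password for webadmin from 198.51.100.77 port 40890 ssh2
"""

# Hypothetical baseline: source addresses each account normally logs in from
# (assumed to be derived from an earlier, trusted window of logs).
KNOWN_SOURCES = {"deploy": {"203.0.113.10"}, "webadmin": {"203.0.113.10"}}

LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def find_suspicious_logins(log_text, known_sources):
    """Return alerts for successful SSH logins that were password-based or came
    from an address outside the account's baseline. Only 'Accepted' events are
    examined: a login that succeeds is what lockout controls never see."""
    alerts = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue  # failures and unrelated lines are skipped
        user, src, method = m["user"], m["src"], m["method"]
        reasons = []
        if method == "password":
            reasons.append("password auth (key or MFA expected)")
        if src not in known_sources.get(user, set()):
            reasons.append("source %s not in baseline for %s" % (src, user))
        if reasons:
            alerts.append({"ts": m["ts"], "user": user, "src": src, "reasons": reasons})
    return alerts


def sources_per_user(alerts):
    """Group alerting source addresses by account, to expose one address reaching many accounts."""
    grouped = defaultdict(set)
    for alert in alerts:
        grouped[alert["user"]].add(alert["src"])
    return dict(grouped)
```

On the constructed sample both key-based logins from the baseline address pass silently, while the two password logins from 198.51.100.77 raise alerts and the grouping shows that single address touching two accounts.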