GoDaddy Data Breach: Why Businesses Need to Tighten Up Cybersecurity to Protect Customer Data

Leave a Comment / By /

GoDaddy Data Breach: Here Is What You Should Know

The web hosting supplier and domain registrar GoDaddy was struck by a data breach that jeopardized the accounts of some 28,000 clients. The company submitted a Breach Notification to the California Attorney General's Office, where they confirmed that the suspicious behavior occurred on several of its servers on October 19, 2019. Following a detailed analysis, GoDaddy managed to learn that an unauthorized person had gained access to the login details of their customers using SSH (Secure Shell) to communicate with their hosting accounts.

The company provided further details in the following statement:

Scam Detectors Most Trusted Websites in Online Security
  1. Guard.io (100): Surf the web safely. Clean up your browser, remove maliscious extensions and check for privacy violations.
  2. Incogni.com (100): Delete your personal data from the internet and protect against scams and identity theft.
  3. ExpressVPN (100) Stay secure and anonymous online - Best VPN Out There

“On April 23, 2020, we identified an unauthorized individual who had compromised SSH usernames and passwords in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers' credentials or modified any customer hosting accounts.

The individual did not have access to customers' main GoDaddy accounts.” The breach came hot on the heels of another GoDaddy scam doing the rounds currently.

 

More on SSH

SSH creates a safe way to interact with remote systems and exchange files over the network. With a company like GoDaddy, SSH keys are used from the customer's side to connect to their hosting accounts, transfer or upload files, and run commands through a command line.

In its published notification, the company stated that it did not find any evidence that any files had been added or modified for the accounts affected. However, it continued to examine the potential impact. The event was confined to user hosting accounts and did not affect actual customer accounts. Since then, the person identified in the violation has been blocked from GoDaddy's systems.

GoDaddy has advised users to inspect their hosting accounts. The company also stated that it would provide any of its affected customers with one free year of “Express Malware Removal” and “Website Security Deluxe” services that will inspect customer webpages for any vulnerabilities.

The GoDaddy Breach

Godaddy did not disclose the actual cause of the breach,  but in March, one of the company's customer service representatives was trapped by a phishing email. The attacker was able to access and alter several customer records, which included the domain settings for several GoDaddy customers, such as the transaction brokering site escrow.com. In a follow-up notification, escrow.com CEO Matt Barrie stated that his corporation regained full control of his DNS entries.

In the event of a data breach, the identified system vulnerability or error is generally blamed for unauthorized access. Knowledgeable hackers are continually hunting for weaknesses and flaws within an organization's network, especially when it comes to user's mobile security. That's why businesses need to make a conscious effort to preserve and reinforce their data protection measures, especially when they retain keys to confidential customer information.

It is not clear if GoDaddy's data breach was due to the re-use of earlier stolen data or to brute-force attacks. Many believe it may have originated via the published incident of the support employee that was successfully phished.

Irrespective of how the unauthorized access was achieved, it is a strong reaffirmation that monitoring how privileged logins are used, not just accepted, can be the difference between identifying an active attack or being utterly unaware of an intrusion.

This specific breach of data should be a significant concern for GoDaddy's existing customers. Any unauthorized access to SSH accounts would not have occurred if the company used multi-factor authentication (MFA) or privileged access management (PAM) for remote access accounts.

Data breaches like this one on a sizable web hosting provider concern because they open the doors to almost all of their customers' businesses through the unauthorized modifications to their websites. And GoDaddy isn't alone. A recent report by London-based database administrator Alex Williams found that 17 of 33 of the top UK hosting providers had been victim to a data breach within the last year. What's worse, these breaches allow hackers to make adjustments to the existing web services on the affected websites, exposing customer information like credit card details and passwords.

SSH keys are widely used to securely and remotely connect cloud-based systems, VPNs, and any suitable connected devices. An SSH key in the hands of the wrong people has the potential to decimate an organization. These keys can be used to override data, install malware, access critical systems, install malware, and bypass data encryption software.

Although this was previously a niche choice for well-funded, malicious hackers who were disrupting governments and vital service providers, companies of all sizes could be on the losing end of such cyber-warfare.

It is possible to ruin a hacker's day by protecting SSH keys from their prying eyes. Prevention, like any cyber-threat, is better than cure. Visibility and transparency are crucial factors if the possibility of SSH being compromised is to be minimized.

It is vital to have a robust public key infrastructure. Encryption keys and their safe storage are incredibly significant. If these are broken, it will weaken the whole organization's infrastructure. Any company that uses SSH keys should have a secure, up-to-date log of every active key throughout the company, endpoint protection implemented on server-based workloads, and VPN connections for any related cloud services. Businesses should also consider encryption brokers for cloud access to handle the SSH keys.

 

What Customers Can Do

Customers and users should always apply the appropriate and suggested safety measures to safeguard their online accounts. It is still worth reiterating the following guidelines:

  • Have a strong password.  Managing all of the passwords you use online can be a challenge. But you still have to develop and implement a reliable password methodology to keep your accounts as safe as possible from cybercriminals. If you don't know how to create or remember secure passwords, your best option is to make use of a password manager. Most antivirus software, as well as some browsers such as Chrome and Safari, now include the technology as part of their service offering.
  • Use two-step (or multi-factor) verification. By using a  verification code that gets sent to your mobile phone or email, you are providing a secondary layer in verifying your credentials. Even if a malicious attacker had access to your login details, that person would not be able to sign in to your account without having the corresponding code.

 

How To Report and Online Scammer

Make your family and friends know about this article by sharing it on social media using the buttons provided. You can also officially report the scammers to the Federal Trade Commission using the link below:

Report To The FTC Here

 

How To Prevent Identity Theft and More

If you want to be the first to find out the most notorious scams every week, feel free to subscribe to the Scam Detector newsletter here. You'll receive periodic emails – we promise not to spam. Last but not least, use the Comments section below to expose other scammers.

Verify a website below

Are you just about to make a purchase online? See if the website is legit with our validator:

vldtr®

loding img
Searching: Domain age, Alexa rank, HTTPS valid, Blacklisting, SSL certificates, Source code, Location, IP address, WOT Trustworthiness, Spam reports, Advanced technology, Privacy Policy, Terms of Use, Contact options
identity theft protection

TOP 4 MUST-WATCH FRAUD PREVENTION VIDEOS

1. Top 5 Amazon Scams in 2024
 
2. Top 5 PayPal Scams in 2024
 
3. How To Spot a Scam Email in 2024
selma hrynchuk
Selma HrynchukSelma is a fraud prevention specialist renowned for her expertise in private eye investigations and a remarkable partnership with law enforcement agencies. Beyond her investigative triumphs, her public speaking engagements and written works have empowered countless individuals to protect themselves and stay ahead of deceptive schemes. Selma's legacy shines as a tenacious agent of change, unyielding in her commitment to battling fraud and ensuring a safer world for all.

Leave a Comment

Your email address will not be published. Required fields are marked *

  • Submit a scam

    Get Notified About the Newest Scams in Your Country

    Subscribe Form

  • Follow Us

Find Scams
Find Scams