UPDATED 21:50 EDT / MAY 05 2020

SECURITY

28,000 web hosting accounts exposed in GoDaddy data breach

GoDaddy Inc. has suffered a data breach affecting the web hosting accounts of 28,000 customers.

The data breach involved an unknown person accessing accounts using the Secure Shell, or SSH, cryptographic network protocol in October. It was only discovered late last month when GoDaddy noticed suspicious activity on several servers.

Affected customers have had their hosting account login information reset to prevent further access and have been advised to conduct an audit of their hosting accounts to make sure that everything is in order. GoDaddy said in a statement today that it had “no indication the individual used our customers’ credentials or modified any customer hosting accounts” and that “the individual did not have access to customers’ main GoDaddy accounts.”

“It is astonishing that GoDaddy was unable to detect unauthorized access to SSH account credentials for about eight months,” James Carder, chief security officer and vice president of LogRhythm Labs, told SiliconANGLE. “It is easy to assume that GoDaddy, as the world’s largest domain registrar, would have proper security in place to prevent, detect and respond to these types of threats. GoDaddy should have had stricter SSH security measures in place rather than just a simple username and password.”

Vinay Sridhara, chief technology officer of enterprise cybersecurity firm Balbix Inc., noted that the unauthorized individual had plenty of time to access login credentials of SSH accounts.

“Unfortunately, so many consumers have poor password hygiene and use weak and reused credentials for several of their online accounts – if not all of them,” Sridhara said. “Every GoDaddy customer must make certain that any matching or similar login credentials to personal and work accounts have been updated using unique passwords, and be on high alert for forthcoming targeted attacks. This is especially critical to consider amid COVID-19, given that cyberattacks related to the pandemic continue to rise.”

Mark Rogan, dynamic application security testing manager for vulnerability verification in Europe at application security company WhiteHat Security Inc., said that there are few breaches more serious to account owners than this kind.

“If an attacker gains access to the admin credentials for a website, then the sky’s the limit as to what they can do,” he said. “They could delete the entire website, which would result in a temporary outage until a backup was restored, or they could deface the site with whatever they chose to damage its reputation.”

The more serious result, he added, would be if the attacker were to mass install harmful scripts on the site that infected all users visiting the page. “This could possibly lead to the users’ personal devices being compromised,” he said. “The main concern here is the end-user would have no way of knowing the site they are on is compromised, and they would likely have full trust in whatever the site may ask of them.”

There are still some unknowns about the data breach. “It’s unclear whether GoDaddy’s reported incident was because of the reuse of previously stolen credentials or from brute force attacks,” said Matt Walmsley, Europe, Middle East and Africa director at cloud-native protection firm Vectra AI Inc. “There have also been recent reports of GoDaddy’s support employees being successfully phished, which might be connected. Regardless of how the unauthorized access was gained, it’s a sharp reminder that the monitoring of how privileged credentials are used, not just granted, can make the difference between detecting an active attack and being blissfully ignorant to a breach.”
