CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
  • Home
  • News
  • Insights
  • Resources
Hacker typing on a login screen showing the data breach of GoDaddy web hosting accounts calls for a need for stronger authentication
Cyber SecurityNews
·4 min read

GoDaddy Web Hosting Accounts Data Breach Underscores Need for Stronger Authentication

Byron Mühlberg·May 20, 2020
TwitterFacebookLinkedIn

Popular web hosting and domain registrar GoDaddy has fallen victim to a data breach involving around 28,000 customers. The incident has prompted a torrent of new concerns around the safety of the company’s servers and around web hosting accounts more generally, and brought about new calls for the use of better authentication methods.

GoDaddy, the world’s largest provider of web hosting accounts, boasts an impressive 19 million customers and manages 77 million domains in total. As a result, a data breach targeting a company of such a magnitude has disastrous potential. While the full extent of the data breach has yet to be fully determined, the company has nonetheless claimed that the affected users have not suffered a significant loss of data.

What we know so far

News of a security incident at GoDaddy first surfaced in an email sent by the company’s CISO and vice president of engineering, Demetrius Comes. Addressed to the State of California Department of Justice, the email stated that an unauthorized individual had gained access to the login information of web hosting accounts that connect them to the secure shell (SSH).

The data breach incident reportedly took place on October 29 of last year, and went on undetected for six months until April 23, 2020 when GoDaddy employees noticed that a subset of one its servers was displaying suspicious activity.

It later emerged that the credentials of an unknown number of web hosting accounts were compromised, and an internal investigation into the matter has yet to reach a conclusion.

“We have no evidence that any files were added or modified on your account,” wrote Comes in the email. “The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.”

What customers with web hosting accounts should know

GoDaddy has made efforts to assure its customers that, while the breach had indeed compromised millions of web hosting accounts, the damage caused by the attack had been minimal and swiftly brought under control.

Comes, for example, added in his email that GoDaddy had acted quickly and pragmatically to minimize the impact of the data breach. “We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account,” he said.

Comes assured customers that that their “main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.”

GoDaddy itself released a statement on May 5, in which it confirmed that the number of customers affected stood at approximately 28,000.

“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers,” the company’s statement reads.

“We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers credentials or modified any customer hosting accounts. The individual did not have access to customers main GoDaddy accounts.”

GoDaddy data breach in context

As GoDaddy’s statement indicates, there is so far little that is known about the origin of the data breach affecting web hosting accounts. However, some speculation has circulated as to how the attack might have been launched in the first place.

Back in March, for example, a customer service representative at GoDaddy fell victim to a phishing attack. According to security news website KrebsOnSecurity, the hacker was able to view and edit several customer records—including the domain settings for a number of GoDaddy customers such as Escrow.com, a well-known transaction broker.

As technology reporter Lance Whitney points out, when a data breach typically occurs, it usually takes advantage of some underlying vulnerability or human error in order to gain unauthorized access. “Savvy cybercriminals are continually hunting for weaknesses and flaws within an organization’s network,” he writes in TechRepublic. “That’s why businesses must make a concerted effort to maintain and strengthen their security measures, especially when they hold the keys to private customer data.”

This is supported by Anurag Kahol, CTO at cybersecurity solutions firm Bitglass. According to him, the data breach serves to highlight the need for stronger cybersecurity oversight—not only for providers of web hosting accounts, but for organizations in general.

“This security incident impacting GoDaddy customers underscores why organizations need to have full visibility and control over their data,” Kahol said. “While the web hosting giant confirmed that the breach only affected hosting accounts and not customer accounts or the personal information stored within them, hackers can still leverage the database of login credentials and commit account takeover.”

More specifically, the incident provides an opportunity for more secure methods of authentication to be integrated into providers of web hosting accounts, with the traditional ‘username-password’ combination not being enough to contend with the rate at which cybercriminality has advanced in recent years.

“As unauthorized parties were able to connect to users’ hosting accounts, it’s clear stronger authentication methods are needed,” asserts Rober Prigge, CEO of Jumio. Prigge points out that GoDaddy, which was a pioneer in internet security during its fledgling years in the 1990s, still has a long way to go in this regard today.

GoDaddy’s #databreach went undetected for six months until employees noticed suspicious activity on a subset of servers. #respectdataClick to Tweet

“GoDaddy’s response to reset passwords and provide complimentary web security and malware services is simply not enough,” Prigge adds. “How can GoDaddy ensure these new passwords won’t also result in unauthorized account access once the year ends?”

 

TwitterFacebookLinkedIn
Tags
Data BreachWeb Hosting Account
Byron Mühlberg
Staff Correspondent at CPO Magazine
Byron Mühlberg is a journalist with particular interest in writing on matters relating to technology, business, and economics.
Related
Unlocked red padlock showing healthcare data breach by LockBit ransomware
Cyber SecurityNews

LockBit Ransomware Responsible for Data Breach of Major Medicaid Dental Provider, 8.9 Million Patient Records Exposed

June 7, 2023
Stethoscope on keyboard showing healthcare data breach
Cyber SecurityNews

Apria Healthcare Data Breach Exposed Sensitive Information of Nearly 2 Million Patients

June 1, 2023
Large white Sysco food delivery truck showing food distributor data breach
Cyber SecurityNews

Food Distributor Sysco Suffers Data Breach Leaking Customer and Employee Personal Information

May 22, 2023
Doctor holding tablet showing data breach exposed patient records
Cyber SecurityNews

NextGen Healthcare Data Breach Leaks 1 Million Patient Records, including Social Security Numbers

May 18, 2023
T Mobile storefront showing second data breach
Cyber SecurityNews

T-Mobile’s Second Data Breach of 2023 Impacts Fewer Customers, But Involves Much More Sensitive Information

May 8, 2023
Hands of hackers typing on keyboard showing data breach of user credentials
Cyber SecurityNews

American Bar Association’s Data Breach Exposes User Credentials of 1.4 Million Members

April 28, 2023
TitleMax in strip mall showing data breach at consumer lender
Cyber SecurityNews

Consumer Lender TMX Finance Suffers a Data Breach Impacting Millions

April 7, 2023
OV-gates at railway station showing data breach of market research firms
Cyber SecurityNews

Data Breach of Dutch Market Research Firms Impacts Millions, Includes Some Income Information

April 6, 2023

Latest

Hacker using laptop showing cyber attack on payroll provider

BBC, British Airways Among Those Compromised by Supply Chain Cyber Attack on Payroll Provider

Icons of cyber security and data protection showing CPRA compliance and DPSM for security posture

Achieving CPRA Compliance Requires a Strong DSPM Strategy

Hammer of a judge on a pile of dollar notes showing privacy lawsuit settlement for Amazon Ring

Amazon Privacy Lawsuit Settlement: $5.8 Million for Ring Privacy Violations

Man with robotic hand pointing at technology dashboard showing AI and information risk assessments

5 Ways to Implement AI During Information Risk Assessments

- Advertisement -

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use

Stay Updated

CPO Magazine

News, insights and resources for data protection, privacy and cyber security professionals.

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use
Do Not Sell My Data

Categories

Data Privacy
Data Protection
Cyber Security
Tech
Insights
News
Resources
Press Releases

Stay Updated

© 2023 Rezonen Pte. Ltd.
CPO Magazine - News, Insights and Resources for Data Privacy, Protection and Cybersecurity Leaders
  • Home
  • News
  • Insights
  • Resources
    Start typing to see results or hit ESC to close
    U.S. Data Breach Regulations EU GDPR Facebook
    See all results