CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders

GoDaddy Web Hosting Accounts Data Breach Underscores Need for Stronger Authentication

Byron Mühlberg · May 20, 2020

Popular web hosting and domain registrar GoDaddy has fallen victim to a data breach involving around 28,000 customers. The incident has prompted a torrent of new concerns around the safety of the company’s servers and around web hosting accounts more generally, and brought about new calls for the use of better authentication methods.

GoDaddy, the world’s largest provider of web hosting accounts, boasts an impressive 19 million customers and manages 77 million domains in total. As a result, a data breach targeting a company of such magnitude has disastrous potential. While the full extent of the data breach has yet to be determined, the company has nonetheless claimed that the affected users have not suffered a significant loss of data.

What we know so far

News of a security incident at GoDaddy first surfaced in an email sent by the company’s CISO and vice president of engineering, Demetrius Comes. Addressed to the State of California Department of Justice, the email stated that an unauthorized individual had gained access to the login information that web hosting account holders use to connect over secure shell (SSH).

The data breach incident reportedly took place on October 29 of last year, and went undetected for six months until April 23, 2020, when GoDaddy employees noticed that a subset of its servers was displaying suspicious activity.

It later emerged that the credentials of an unknown number of web hosting accounts were compromised, and an internal investigation into the matter has yet to reach a conclusion.

“We have no evidence that any files were added or modified on your account,” wrote Comes in the email. “The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.”

What customers with web hosting accounts should know

GoDaddy has made efforts to assure its customers that, while the breach had indeed compromised millions of web hosting accounts, the damage caused by the attack had been minimal and swiftly brought under control.

Comes, for example, added in his email that GoDaddy had acted quickly and pragmatically to minimize the impact of the data breach. “We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account,” he said.

Comes assured customers that their “main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.”

GoDaddy itself released a statement on May 5, in which it confirmed that the number of customers affected stood at approximately 28,000.

“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers,” the company’s statement reads.

“We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”

GoDaddy data breach in context

As GoDaddy’s statement indicates, there is so far little that is known about the origin of the data breach affecting web hosting accounts. However, some speculation has circulated as to how the attack might have been launched in the first place.

Back in March, for example, a customer service representative at GoDaddy fell victim to a phishing attack. According to security news website KrebsOnSecurity, the hacker was able to view and edit several customer records—including the domain settings for a number of GoDaddy customers such as Escrow.com, a well-known transaction broker.

As technology reporter Lance Whitney points out, when a data breach occurs, it usually takes advantage of some underlying vulnerability or human error in order to gain unauthorized access. “Savvy cybercriminals are continually hunting for weaknesses and flaws within an organization’s network,” he writes in TechRepublic. “That’s why businesses must make a concerted effort to maintain and strengthen their security measures, especially when they hold the keys to private customer data.”

This is supported by Anurag Kahol, CTO at cybersecurity solutions firm Bitglass. According to him, the data breach serves to highlight the need for stronger cybersecurity oversight—not only for providers of web hosting accounts, but for organizations in general.

“This security incident impacting GoDaddy customers underscores why organizations need to have full visibility and control over their data,” Kahol said. “While the web hosting giant confirmed that the breach only affected hosting accounts and not customer accounts or the personal information stored within them, hackers can still leverage the database of login credentials and commit account takeover.”

More specifically, the incident provides an opportunity for providers of web hosting accounts to adopt more secure methods of authentication, since the traditional ‘username-password’ combination is not enough to contend with the rate at which cybercrime has advanced in recent years.

“As unauthorized parties were able to connect to users’ hosting accounts, it’s clear stronger authentication methods are needed,” asserts Robert Prigge, CEO of Jumio. Prigge points out that GoDaddy, which was a pioneer in internet security during its fledgling years in the 1990s, still has a long way to go in this regard today.


“GoDaddy’s response to reset passwords and provide complimentary web security and malware services is simply not enough,” Prigge adds. “How can GoDaddy ensure these new passwords won’t also result in unauthorized account access once the year ends?”

 

Byron Mühlberg
Staff Correspondent at CPO Magazine
Byron Mühlberg is a journalist with particular interest in writing on matters relating to technology, business, and economics.