24 Nov 2021
Cyber Attack: GoDaddy Hacked
In 2021, the hacker hits keep coming! Look out for upcoming information on forecasted trends in 2022 soon.
With headlines awash in reports of bigger and more alarming hacking activity month after month, the latest comes from major domain registrar and web hosting company GoDaddy, which announced on Monday that it had discovered a data breach on November 17.
GoDaddy’s November 22 filing with the Securities and Exchange Commission [i] stated that the company detected the breach after noticing suspicious activity in its Managed WordPress hosting environment. The subsequent investigation determined that an unauthorized third party had used a compromised password to gain access to the provisioning system in the legacy code base for Managed WordPress beginning on September 6, 2021.
Though the hacker was blocked from GoDaddy’s systems when the intrusion was detected, the damage had already been done.
What Did The Hacker / Attacker Have Access To?
According to the filing, the breach affects 1.2 million active and inactive Managed WordPress users. The information exposed includes:
- Email addresses and customer numbers. The exposure of this information could put users at greater risk for phishing attacks.
- The original WordPress admin password created when WordPress was first installed. This information could be used to access a customer’s WordPress server.
- Active customer data, including:
  - Their sFTP credentials, which are used for file transfers.
  - The username and password for their WordPress database, which stores all their content.
  - For a smaller subset of active customers, their SSL (Secure Sockets Layer) private key. These credentials could allow a hacker to effectively impersonate a customer’s website or services.
The steps the company has taken to remediate the problem include:
- Resetting original WordPress admin passwords (if those credentials were still in use).
- Resetting passwords for sFTP and database access.
- Issuing and installing new SSL certificates for affected customers.
In the statement, chief information security officer Demetrius Comes also noted the investigation was ongoing and that GoDaddy was taking steps to add protection to their provisioning system.
Are You Affected By A Data Breach On GoDaddy?
Unfortunately, the scenario here is an all-too-familiar one.
When a hacker infiltrates your system, they don’t just lock it up and demand a ransom anymore; their objective is to remain undetected for as long as possible.
In GoDaddy’s case, the unauthorized user had over two months of access to GoDaddy’s 20 million global customers before any red flags went up. It’s unclear if the company could have taken additional security measures (such as two-factor authentication) to prevent the initial access. One thing this hack highlights, though, is the importance of regular, ongoing security scans and monitoring, regardless of what cybersecurity measures you have in place.
Who knows how many more of GoDaddy’s clients might have been affected had they not performed the scan that finally spotted the suspicious activity?
That being said, it’s also not safe to assume that all the damage from the breach has been detected (or has even occurred) yet, and the customers whose data was stolen will need to proceed with caution until they can properly determine if their WordPress sites have been compromised or not.
What we do know is that if affected companies aren’t already working with cybersecurity professionals to safeguard their systems, there’s no time like the present to bring in a cybersecurity expert. Having a knowledgeable team scan a system will help businesses spot vulnerabilities and tell them with certainty whether or not their site is harboring malware or leaving a backdoor open for hackers.
Are You Prepared?
There’s a better time to hire a cybersecurity firm to examine your system than after a hack—and that’s before one has occurred.
It’s much easier and much less costly to make your business an unattractive prospect for hackers BEFORE they have launched a successful cybersecurity attack on your business. Always remember: HACKERS ARE LAZY!!! They are looking for an easy target. If you have a cybersecurity portfolio that is well-implemented, cybercriminals are much more likely to get fed up and look elsewhere for the low-hanging fruit.
An ounce of prevention is worth a pound of cure.
Petronella Technology Group (PTG) can conduct a thorough security audit and risk assessment that tells you exactly where your vulnerabilities are and how to fix them. Our goal is to help prevent hacks, ransomware attacks, and other cybercrimes, so you can focus on your business in the knowledge that your data and systems are secure.
To find out more about how PTG can help you secure your systems before disaster strikes, contact us here or call 919-646-3780.