GO DADDY HACKED

 

On 17 November, web hosting and website domain registrar company, Go Daddy, was subject to a massive cyberattack that saw 1.2 million active and inactive WordPress users have their email addresses and customer numbers compromised. Through a Single-Point-of-Failure (SPoF) attack, the cybercriminals were also able to access the WordPress admin passwords and usernames for all the accounts. Moreover, a small subset of Go Daddy customers also had the credentials of their SSL certificates leaked. With hackers now targeting web hosting platforms, cyber analytics firm, CyberCube, stated that the breach should serve as a wake-up call to both the insurance and reinsurance industries.

GO DADDY GOES FROM BLACK TO RED

 

Go Daddy is an American publicly traded Internet domain registrar and web hosting company with over 20 million customers and 7,000 employees across the globe. In 2020, the Arizona-headquartered business had revenue of $3.3 billion with a net loss of $495 million. The year before, Go Daddy made a profit of $137 million. In 2019, the company was subject to a security breach that affected 28,000 customers’ hosting accounts. The breach lasted for a period of six months before detection by the company’s security team on 23 April 2020. The breach targeted customers’ hosting information, compromising the usernames and passwords of the accounts involved. Now, suffering a loss of almost $0.5 billion and being cited as betraying the trust of over 1 million of its loyal customers, what next for the web hoster?

 

WHAT HAPPENED?

 

Go Daddy described the cause of the intrusion as a vulnerability, typically a flaw in software coding. However, in Go Daddy’s case, it was more like a lapse in robust IT security and monitoring. After the web hoster informed the United States Securities and Exchange Commission (SEC) of the breach, an investigation revealed that third-party access had occurred on 6 September and went unnoticed for more than 2 months. Whatever Go Daddy’s excuse for failing to recognise the intrusion, many would construe it as unabated negligence.

 

WHO SAID WHAT?

 

Go Daddy seemed intent on covering up its negligence, claiming it was due to a vulnerability, and issued a sweeping statement which read:

 

“Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.”

 

However, upon investigation, WordFence, a security provider for WordPress, discovered that Go Daddy’s Managed WordPress hosting stored Secure File Transfer Protocol (SFTP) usernames and passwords in a manner that did not conform to industry best practices. SFTP is a file transfer protocol enabling the secure uploading and downloading of files from a hosting server. A statement from WordFence read:

 

“GoDaddy stored SFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices.”

 

EVEN MORE DAMAGE

 

It appears that Go Daddy’s woes don’t end with the breach of some 1.2 million accounts. WordFence stated that cybercriminals had access to website databases beyond WordPress, which could lead to accessing website customer information and sensitive information stored on e-commerce sites. WordFence also stressed that changing the passwords of compromised sites might be too late and said:

 

“…the attacker had nearly a month and a half of access during which they could have taken over these sites by uploading malware or adding a malicious administrative user. Doing so would allow the attacker to maintain persistence and retain control of the sites even after the passwords were changed.”
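
One way to check a site for the persistence WordFence describes, as an added example that is not from the original article or from WordFence: list administrator accounts registered during the exposure window. The rows are constructed samples shaped like WordPress's wp_users and wp_usermeta tables, and the year 2021 is an assumption, since the article gives only the day and month.

```python
from datetime import datetime

# Exposure window from the article (6 September to 17 November); the year is assumed.
WINDOW_START = datetime(2021, 9, 6)
WINDOW_END = datetime(2021, 11, 17, 23, 59, 59)

# Constructed sample rows: wp_users joined to the wp_capabilities row of wp_usermeta.
SAMPLE_ROWS = [
    {"user_login": "siteowner", "user_registered": "2019-03-02 10:15:00",
     "capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_login": "wp_support2", "user_registered": "2021-10-04 02:41:17",
     "capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_login": "newsletter_reader", "user_registered": "2021-10-11 09:00:00",
     "capabilities": 'a:1:{s:10:"subscriber";b:1;}'},
    {"user_login": "sysadm", "user_registered": "0000-00-00 00:00:00",
     "capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]


def is_admin(capabilities):
    """True if the PHP-serialized wp_capabilities value grants the administrator role."""
    return 's:13:"administrator";b:1;' in capabilities


def audit_admins(rows, start=WINDOW_START, end=WINDOW_END):
    """Return (login, reason) for administrator accounts that need manual review."""
    findings = []
    for row in rows:
        if not is_admin(row["capabilities"]):
            continue
        try:
            registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            # A zero or malformed date suggests the row may have been inserted
            # directly into the database rather than through normal signup.
            findings.append((row["user_login"], "unparseable registration date"))
            continue
        if start <= registered <= end:
            findings.append((row["user_login"], "created during exposure window"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_admins(SAMPLE_ROWS):
        print(f"REVIEW {login}: {reason}")
```

Anyone with database access can backdate user_registered, so an empty result does not clear a site; compare the administrator list against a backup taken before the window as well.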

 

PROTECT YOURSELF NOW

 

Whatever the reasons for Go Daddy’s lax approach to protecting its clients’ sensitive data, the fact remains that information has been stolen and trust has been betrayed. Neither has to happen to you. Zhero has more than 20 years of experience in professional IT management for businesses. We know how to protect data and we know how to protect IT networks. You don’t need to be concerned about the integrity of your IT, your cybersecurity, or the safety of your data. Give Zhero that responsibility. Contact us now and find out how.