GoDaddy Data Breach

On November 22, 2021, GoDaddy, an American publicly traded Internet domain registrar and web hosting company, announced a security incident affecting its Managed WordPress service. The incident happened on November 17, 2021, when the company discovered unauthorized third-party access to its Managed WordPress hosting environment.
The investigation is still ongoing, but GoDaddy has ascertained that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to a variety of customer information.

American internet domain registrar suffered massive data breach

“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” said Demetrius Comes, Chief Information Security Officer.

Upon detection, the company immediately blocked the unauthorized third party from the system. GoDaddy directly contacted all impacted customers with specific details. The company has already informed the appropriate law enforcement agencies and, with the help of an IT forensics firm, began an investigation.

Soon after discovering the data breach, the company established the following facts and possible remedies:

  • For a subset of active customers, the SSL private key was exposed. GoDaddy is currently issuing and installing new certificates for those customers;
  • The original WordPress Admin password that the company issued at the time of provisioning was also exposed. If those credentials were still in use, the company reset those passwords;
  • Again for active customers, sFTP and database usernames and passwords were exposed. The company reset both passwords;
  • Nearly 1.2 million active and inactive Managed WordPress customers had their customer number and email address exposed. The exposure of email addresses creates a risk of phishing attacks.

Spammers used GoDaddy subdomains to conduct a large campaign

Last year GoDaddy made the news when spammers used 15,000 of its subdomains to redirect to spam pages, some of them impersonating popular and well-trusted websites. The spam campaign changed its behavior over time but could still be identified automatically. The initial lure came via email, and the URL was converted into a short link. Spammers did so to keep potential victims unaware of the actual landing page.

One Palo Alto Networks customer received hundreds of these spam emails. The activity was meant to be part of the affiliate marketing business, in which advertisers pay affiliates to promote their products. In principle, an advertiser pays for traffic that is redirected to its sales page. Technically, specialists consider this legitimate, but when affiliates use such slapdash methods to generate traffic, it places an additional burden on the marketing company to filter them out.

    Andrew Nail

    Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I was not sure if a journalist job is what I want to do in my life, but in conjunction with technical sciences, it is exactly what I like to do. My job is to catch the most current trends in the cybersecurity world and help people to deal with malware they have on their PCs.
