GoDaddy Discloses Security Breach

October 9, 2023

GoDaddy is a domain name registrar and web hosting provider with more than 20 million customers worldwide. The company recently admitted to a massive data breach that impacted its Managed WordPress hosting environment.

The breach reportedly exposed authentication information including WordPress admin login, sFTP, and database usernames and passwords. It also exposed SSL private keys for a subset of customers.

What You Need to Know About the GoDaddy Years-Long Breach

GoDaddy is the world’s largest domain registrar and web hosting service. In a filing with the Securities and Exchange Commission, GoDaddy announced a data breach that affected 1.2 million customers. The company reported that an unauthorized third party gained access to its Managed WordPress environment on September 6 using a compromised password and retained that access until November 17. The hackers were able to steal email addresses, database logins, SSH keys and more.

The breach also exposed SSL certificates, the digital identities that bind websites to their respective domains and ensure security. The theft of these certificates allows attackers to intercept and impersonate a site, which can lead to phishing attacks, malware infections and rogue SSL sites. The breach should serve as a reminder to organizations of the importance of managing digital certificates and implementing an automated Certificate Lifecycle Management (CLM) solution that can revoke and reissue thousands of certificates in minutes, rather than the hours it takes to do so manually.

Although GoDaddy’s breach has caused considerable damage, the company can still recover from this event by rebuilding trust with its customers. As users become more cyber-aware and make more secure choices, companies like GoDaddy that offer products and services relating to online security need to demonstrate that they have their clients’ best interests in mind.

One of the ways GoDaddy can do this is by ensuring that all of its employees are properly trained in cybersecurity. This will help them spot the warning signs of a possible attack and take the appropriate actions to protect their clients’ information and systems.

In addition, if a customer notices a change to their website, it’s important that they check the security of their site. If they see that their SSL certificate has been revoked or reissued, they need to make sure they are using the new certificate. They also need to check their inboxes for phishing emails that may have been sent to them by attackers. Look for misspellings and unusual capitalization in the emails, as these are indicators of a potential phishing attack.

Lastly, GoDaddy argues that it cannot be liable for unjust enrichment because its Reseller Agreement and Third Addendum required the company to “endeavor to promote” SiteLock’s services. The expert report in this case, however, reveals that GoDaddy’s assertions do not stand up to scrutiny. The Court therefore finds that GoDaddy does not establish its affirmative defense of MFN set-off/recoupment, estoppel and unjust enrichment, and thus grants the motion for partial summary judgment.

What You Need to Do

If you’re a GoDaddy customer, there are several things you need to consider. For one, you may want to change your SFTP passwords to something very difficult to guess or crack. If you have SSL certificates, make sure they’re updated, as well. However, that’s a process that will take time. You can also consider incorporating short-lived SSL certificates to mitigate current vulnerabilities in the long term, suggests Murali Palanisamy, chief solutions officer for AppViewX.
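One way to confirm that an updated certificate really replaces an exposed private key, shown as an added example that is not from the original article: a certificate reissued over the same key pair is still usable by anyone holding the old key, so the check compares public-key hashes rather than certificate fingerprints. The host name, file names and test certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify that a reissued certificate carries a NEW key pair.

# spki_hash FILE: SHA-256 of the certificate's public key (not the whole cert).
spki_hash() {
  local pub
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pub" ] || return 1
  printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 | awk '{print $NF}'
}

# key_rotated OLD NEW: 0 = different key, 1 = same key, 2 = unreadable input.
key_rotated() {
  local old new
  old=$(spki_hash "$1") || return 2
  new=$(spki_hash "$2") || return 2
  [ "$old" != "$new" ]
}

# fetch_cert HOST: print the leaf certificate a live server presents (needs network).
fetch_cert() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509
}

# make_demo_certs DIR: constructed self-signed certificates for an offline run.
make_demo_certs() {
  local d=$1 subj="/CN=shop.example.test"   # hypothetical host name
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/old.key" \
    -out "$d/old.pem" -subj "$subj" -days 1 2>/dev/null
  # "Reissued" over the exposed key: new certificate, same key pair.
  openssl req -x509 -new -key "$d/old.key" \
    -out "$d/same-key.pem" -subj "$subj" -days 1 2>/dev/null
  # Reissued properly: fresh key pair.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/new.key" \
    -out "$d/new-key.pem" -subj "$subj" -days 1 2>/dev/null
}

tmp=$(mktemp -d) && make_demo_certs "$tmp"
for c in same-key.pem new-key.pem; do
  if key_rotated "$tmp/old.pem" "$tmp/$c"; then
    echo "$c: new key pair"
  else
    echo "$c: still using the exposed key"
  fi
done
```

Against a live site, save the output of `fetch_cert` to a file and pass it as the second argument to `key_rotated`, with the certificate that was in use during the exposure window as the first.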

Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

