What is GoDaddy?
Founded in 1997, GoDaddy is a domain and web hosting service provider.
The company became a household name for web hosting beginning in 2007 thanks to aggressive marketing campaigns that saw the company airing racy Super Bowl commercials, sometimes starring athletes or movie stars, for nearly a decade.
In 2013, the company decided to forgo its controversial advertising in an effort to foster a more professional, less polarizing brand image.
In the eight years from 2012 to 2020, GoDaddy acquired nearly two dozen other companies ranging from smaller competitors to email and calendar management services. With more than 20 million users, over 7 thousand employees and more than 80 million domains under its umbrella, GoDaddy is currently the world’s largest web hosting and domain registrar.
Past GoDaddy security incidents
Aside from controversial business practices and questionable advertising, GoDaddy has had two major security incidents take place in the recent past.
In 2019, GoDaddy took down 15,000 fraudulent domains that were being used by criminals to scam people into purchasing illegitimate products and supplements.
In October of that same year, GoDaddy experienced a security breach that affected 28,000 user accounts. The breach, lasting for six months, was finally detected in April of 2020. Usernames and passwords were reportedly exposed while the breach was active.
The November 2021 hack of GoDaddy
On November 17, 2021, GoDaddy filed a report with the Securities and Exchange Commission (SEC) confirming that an unauthorized user had somehow accessed its WordPress hosting environment.
The breach is said to have begun on September 6, 2021 and resulted in the theft of email addresses and customer numbers associated with over one million user accounts. This means that the breach continued undetected for over two months.
According to the company’s Chief Information Security Officer, Demetrius Comes, GoDaddy “identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.”
Some users have had their sFTP and database credentials compromised while others have had logins exposed that may allow a hacker to impersonate their website.
The breach has also affected resellers of GoDaddy’s hosting services, with six companies thus far sending their customers messages addressing the exposure of their data.
While it is currently unclear exactly how, the actor is said to have accessed GoDaddy’s environment using a compromised password. It is not known if the password in question was gained via a previous hack, a phishing attempt or was merely weak enough to have been guessed accurately.
WordFence, a company specializing in WordPress security, reports that GoDaddy was also not responsibly encrypting user passwords.
According to WordFence, “GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker direct access to password credentials without the need to crack them.”
Without an adequate means of encrypting logins in place, GoDaddy user data was not only poorly protected but also formatted in such a way that it could be read with ease once reached.
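The storage difference WordFence describes, as an added example (not code from GoDaddy or WordFence): a reversible record next to a salted, one-way scrypt hash. The base64 encoding stands in for any reversible format, and the function names, record layout and scrypt parameters are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters for this example; tune them to your hardware.
N, R, P, MAXMEM = 2**14, 8, 1, 64 * 1024 * 1024


def store_reversible(password: str) -> str:
    """Weak pattern: a format anyone holding the record can turn back into plaintext."""
    return base64.b64encode(password.encode()).decode()


def recover_reversible(record: str) -> str:
    """What a copy of the credential table yields: the password, with no cracking."""
    return base64.b64decode(record).decode()


def hash_password(password: str) -> str:
    """Hardened pattern: per-credential random salt plus a memory-hard one-way hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                            maxmem=MAXMEM, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and parameters, then compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = record.split("$")
        if scheme != "scrypt":
            return False
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                                n=int(n), r=int(r), p=int(p),
                                maxmem=MAXMEM, dklen=len(expected))
    except ValueError:
        return False  # malformed record or unusable parameters
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    sample = "constructed-sftp-pass"  # constructed sample value, not real data
    print("reversible store leaks:", recover_reversible(store_reversible(sample)))
    record = hash_password(sample)
    print("hashed record:", record)
    print("correct login verifies:", verify_password(sample, record))
```

Hashing the same password twice gives two different records because each gets its own salt, so a stolen table does not reveal which accounts share a password.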
GoDaddy has also yet to make an official statement on whether or not access to the system was protected with multi-factor authentication, leaving some to speculate that perhaps the world’s largest domain registrar is hesitant to reveal a lapse in basic cybersecurity protocols safeguarding its customers.
What happens now?
What is especially interesting in this particular incident is the fact that the threat actors did not initiate a ransomware attack against GoDaddy.
When one considers the company’s coffers, as well as the amount of data stolen and customers affected, the absence of ransomware leads one to wonder if this breach is merely the tip of the iceberg or if it was detected before it could be fully realized. The fact that the attack persisted for 72 days while most ransomware attacks take less than four hours to initiate further deepens the mystery.
It is unknown what the stolen data will be ultimately used for. Since the attackers made off with email addresses as well as data related to users’ domain and hosting credentials, the biggest current risk to users affected by the recent hack of GoDaddy is phishing attempts.
Scam and phishing attempts statistically increase in frequency during the holiday season. As e-commerce transactions skyrocket, hackers look to capitalize on the chaos, stress and distraction that the biggest shopping season of the year results in. It is possible that the attack was simply initiated for the sole purpose of launching phishing emails while people are most vulnerable.
For its part, GoDaddy has yet to offer affected customers any complimentary credit or identity monitoring services. The company has, however, issued the following statement:
“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
Don’t get hacked like GoDaddy
As current events have demonstrated, time and again we bear witness to major companies and organizations that have either not prioritized their cybersecurity or allowed their defenses to lapse over time. While most people can do little with regard to the security practices followed by the companies trusted with their data, small business owners and individuals alike can do their part to maintain good personal cybersecurity by following these basic tenets:
1: Stay vigilant. Follow cybersecurity news blogs and check in regularly with online cybersecurity resources. The cybersecurity landscape is ever changing. Be sure to remain privy to expected trends and prepared to defend your network today against the threats of tomorrow.
2: Stay updated. Many hacks and breaches are made possible by users hanging on to outdated software and hardware. Be sure that your system is up to date with the latest security patches. You can refresh your hardware economically by purchasing refurbished equipment from a reputable supplier.
3: Keep your staff trained. Teach your staff how to spot phishing attempts and illegitimate links and inquiries. All it takes is one click to allow malware to enter your network. The recent hack of Robinhood was initiated after a customer service employee was tricked over the phone into providing confidential information to a criminal on the other end of the line.
4: Use strong passwords. Create strong passwords and change them throughout the year. Avoid easily guessed login credentials, and routinely ensure that only approved employees have access to information that could be valuable to hackers.
Sources
- GoDaddy Breached – Plaintext Passwords – 1.2M Affected by Mark Maunder, 22 Nov 2021, WordFence
- GoDaddy data breach hits 1.2 million Managed WordPress customers by Sergiu Gatlan, 22 Nov 2021, Bleeping Computer
- GoDaddy Hacked, 1.2M Customers at Risk of Phishing Attack by Matthew Humphries, 22 Nov 2021, PCMag
- GoDaddy hack exposes accounts of 1.2 million customers by Graham Cluley, 23 Nov 2021, Bitdefender
- GoDaddy Hack Spreads to 6 More Web Hosts by Matthew Humphries, 24 Nov 2021, PCMag
- What is Ransomware and How Does Ransomware Work – Statistics and Examples by Unitrends
- GoDaddy Wikipedia