Breach on GoDaddy Goes Back “Multiple Years”

Introduction

Whether you’ve used it or just seen it in commercials, you’ve probably heard of GoDaddy.com. The website hosting platform manages over 76M domains around the world, making it easy for people to build, grow and market their websites.

Recently, an investigation into suspicious activity on GoDaddy servers uncovered a massive data breach that’s been ongoing since at least 2020.

What GoDaddy Users Should Know

The threat actors responsible for the breach appear to have first gotten in through the shared hosting environment used by GoDaddy. Simply put, shared hosting environments are a type of web hosting that allows multiple sites to be run on the same server; that’s what GoDaddy does. Shared hosting environments typically offer increased security measures compared to other types of web hosting solutions, which is often ideal for SMBs.

Last December, numerous customers started to report that their hosted websites were redirecting to outside domains. This prompted the initial investigation. It was then that the plot was uncovered: threat actors had been accessing GoDaddy’s network for several years already, with at least two other breaches linked to the same exposure.

The first was an incident dating all the way back to March 2020, when a supply chain attack impacted the security of GoDaddy’s millions of users. Although no customer data was accessed or stolen, the incident nevertheless raised concerns about the security of web hosting services.

The second, which took place in November 2021, impacted 1.2M WordPress sites when a stolen password was used to breach them through their GoDaddy accounts. Emails, admin passwords, database logins, active SSL keys and more were all compromised.

Looking even further into this latest breach also revealed possible connections to a larger attack campaign against website hosting platforms all over the world. It appears to be a widespread conspiracy, wherein threat actors aim to spread malware, phishing, and other malicious activity to a ton of websites at once by first breaching these hosting services, like GoDaddy.

How to Protect Yourself from Supply Chain Risks

It’s tough when you do everything possible on your end to protect your private data and important accounts, only to wind up victimized by something out of your control.

In the event that your data is compromised in a larger attack, here are some steps that you can take to mitigate the damage.

  • Create and implement a reliable Business Continuity Plan (BCP)
  • Utilize both regional and global security strategies
  • Develop distribution centers in different regions
  • Ensure visibility, collaboration, and information sharing among upstream and downstream supply chain partners
  • To prevent IT and cyber risks, invest in hardware and software tools
  • Pay attention to, and then heed, your cybersecurity awareness trainings

Conclusion

This attack on GoDaddy, while massive, is only the latest in an increasingly furious swarm of attacks against third-party services. You need to research the security of online services before using them, and then continue to monitor and protect your accounts there. This will help to reduce the risk of becoming a victim of something like this. Cyber events like these also illustrate how anyone, anywhere can be targeted for a data breach.

Take time to go over your security settings and make sure your accounts are as impenetrable as they can be. Update to new versions of software and hardware whenever you can, stay aware of new threats and breaches, and follow this blog for more tips on remaining cyber-secure!
