Exploit: Data Breach
Company: GoDaddy
Industry: Technology, Web Hosting
Source: https://www.forbes.com/sites/daveywinder/2020/05/05/godaddy-confirms-data-breach-what-19-million-customers-need-to-know/#69d693b51daa

Early this week, details of a recently discovered data breach were disclosed by one of the world’s largest domain registrar and web hosting companies, GoDaddy. This is the second reported incident this year, as a successful spear-phishing attack was reported in late March. The company claims that this recent event took place on October 19, 2019 but was discovered on April 23, 2020, after the company’s security team discovered suspicious activity on a subset of GoDaddy’s servers. They also noted an altered SSH file in GoDaddy’s hosting environment (SSH stands for Secure Shell File- a network protocol used by system admins to access remote computers. This can lead to access of an organization’s sensitive data).

In an official statement given to BleepingComputers by GoDaddy’s VP for Corporate Communications, the company has, “identified SSH usernames and passwords had been compromised through an altered SSH file in our hosting environment.” It is believed that approximately 28,000 customers have been affected by this breach.

The company has taken action by immediately warning the affected customers, resetting usernames and passwords, and also removed the SSH file from the GoDaddy platform. GoDaddy’s VP further claims they “have no indication the threat actor used our customers’ credentials or modified any customer hosting accounts. To be clear, the threat actor did not have access to customers’ main GoDaddy accounts." For now, the company is standing by their claims that the breach is limited to hosting accounts and not customer accounts or any personal info stored within them.

The attacker has been blocked from GoDaddy’s system and the company is now providing free cyber security options to affected customers including one years’ worth of security and malware removal services. While it seems as though the data breach has been contained and damage was limited to GoDaddy’s reputation, security experts have voiced their opinions on how potentially disruptive this data breach could have been. EMEA Director of Vectra, Matt Walmsley has stated, “it’s a sharp reminder that the monitoring of how privileged credentials are used, not just granted, can make the difference between detecting an active attack and being blissfully ignorant to a breach.”

Protect Your Business Against Modern Cyber Threats

More than ever, organizations of all sizes have been facing a historical rise in cyber attacks and data breaches. Talk to a cyber security expert today and find out how we can provide expert consulting and a portfolio of Cyber Security solutions designed to protect your organization against today’s most prevalent threats.