GoDaddy is at it again. In yet another security incident, GoDaddy this week revealed that 1.2 million users had the following information compromised:
Email addresses and customer numbers
Passwords for sFTP and databases, and SSL private keys
Admin passwords for WordPress sites hosted on the platform
GoDaddy did not announce the incident on its website or via social media. The information was only made available via an SEC disclosure.
Security experts shared their thoughts on why this breach was disappointing from a customer protections standpoint and what could've been done to prevent it.
Robert Prigge, CEO of Jumio
“This breach underlines the inherent weakness of relying on credentials to authenticate users, as it was caused by unauthorized access via a compromised password. In fact, 61% of data breaches in 2020 involved the use of unauthorized credentials, and this number is sure to increase if organizations don’t move away from this outdated method. With user email addresses, credentials for WordPress databases and SSL private keys exposed in this breach, cybercriminals have everything they need to conduct phishing attacks or impersonate customers’ services and websites. Resetting passwords and private keys is simply not enough to protect the 1.2 million users affected by this breach. Instead, online organizations should turn to a safer and more secure alternative like biometric authentication (leveraging a person’s unique human traits to verify identity), which confirms the user logging in is truly the account holder and ensures personal data is protected from cybercriminals.”
John Hammond, Senior Security Researcher at Huntress
"The GoDaddy breach releases an absolutely staggering number of affected customers, alongside usernames and passwords for specific protocols as well as SSL certificate private keys. While GoDaddy is reissuing new SSL certificates and recovering, this ultimately boils down to a single weakness: one singular password, used as a key to unlock all of this sensitive information within GoDaddy's Managed WordPress. It is not yet clear if this was a strong and secure password that was compromised, or if it was backed by multi-factor authentication, but it certainly shows the need for these extra security protections. Implementing single sign-on (SSO) capability, enforcing 2FA absolutely everywhere, and the other tried-and-tested defensive mechanisms do help deter incidents like this. Passwords are not dead yet -- similar to how we might still carry cash when the world uses credit cards, perhaps we might never be rid of passwords. They still need to be protected and limited in what/how much they offer access to."
Nick Tausek, Security Solutions Architect at Swimlane
"GoDaddy’s data breach incident follows three of a similar nature in the last three years—an AWS error that exposed GoDaddy server data in 2018, an unauthorized user who breached 28,000 accounts in October 2019 and the hacking of cryptocurrency sites hosted by GoDaddy in November of 2020. In this case, over a million user accounts containing sFTP credentials, usernames and passwords were left exposed in the breach.
Due to its history with cyber incidents, GoDaddy has become an easy target. It operates 35,000 servers hosting more than five million websites, with millions of people relying on its services for the day-to-day operations of their businesses and hobbies. Because of the level of user dependency, repercussions can be severe when a situation like this presents itself. For customers to be able to trust that their valuable and highly sensitive data remains safe and secure, organizations like GoDaddy must implement the proper controls to recognize and thwart cyber threats. All-encompassing cybersecurity systems that centralize detection, response and investigation efforts into a single platform allow for full visibility into IT ecosystems and, ultimately, complete data protection. With the power of security automation, companies and customers alike can have full trust that important information remains fully protected within the walls of these databases."