On 6 Sep 2021, GoDaddy was hacked by an unknown hacker, and more than 1.2 million passwords, emails, and SSL private keys were exposed in this breach. GoDaddy has over 20 million users worldwide.
GoDaddy is a leading domain registrar. On 22 November 2021, the company announced that someone had gained unauthorized access to GoDaddy's Managed WordPress, and that the breach affected more than 1.2 million of its customers' Managed WordPress sites.
GoDaddy was Hacked
This breach is a warning to all the giant companies that they need to look into their product security and safety for end users. We haven't found any stats on the number of affected customers: the 1.2 million compromised are websites, and many GoDaddy users own more than one Managed WordPress site in their GoDaddy account. In some cases emails and numbers were also exposed in this breach.
GoDaddy filed a cybercrime report with the SEC (Securities and Exchange Commission) [1]. The unknown attacker gained access using a compromised password on 6th September and kept that access until it was discovered on 17th November. GoDaddy revoked the unknown attacker's access on 17th November.
Chief Information Security Officer Demetrius Comes said the company detected unauthorized access to the systems where it hosts and manages its customers' WordPress servers. The company also indicates that exposed customers face rising phishing attacks. GoDaddy also stated that the WordPress admin password was created when the first copy of the WordPress software was installed.
GoDaddy took rapid action to analyze the damage done by the third party, and the company announced the security breach on 22nd November. The damage was huge: GoDaddy took around 6 days to work out the damage done by the hackers, and the attacker had access to its systems for more than 2 months!
It is impossible to promote a hack-free culture in the 21st century, but GoDaddy made a very basic mistake in handling sFTP passwords!
The giant registrar was storing passwords in plaintext, or at least using encryption that could be reversed back to plaintext. GoDaddy didn't apply security protocols to password storage, and this practice is a shame for a giant company that has thousands of employees but is not able to protect its customers. GoDaddy's competitors use such protocols, and up-to-date companies do complete security work on their end, such as salted passwords and public keys. These practices are considered the best protocols for security, and they are simple enough for any beginner programmer who writes basic code to adopt. That's the disappointment from a giant company: this kind of mess wasn't expected from a leading domain and hosting provider. In some cases, customers' SSL private keys were also exposed to a third party (the attacker).
In its filing with the SEC, GoDaddy stated that “For active customers, sFTP and database usernames and passwords were exposed.” The company reset the passwords, and new private keys and SSL certificates are in the process of being issued.
GoDaddy’s Dan Race declined to comment on any ongoing investigation into the breach. GoDaddy provides its services to more than 20 million users around the globe.
Ref: [1] https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm