GoDaddy, the biggest Internet domain registrar and web host, confirmed that its security has been compromised. The GoDaddy breach has impacted approximately 28,000 customers, and over 19 million users face the risk.
GoDaddy’s public statement regarding the breach is as follows:
“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”
As we mentioned earlier, GoDaddy is the biggest domain registrar and web host there is. The company has over 19 million customers. They host millions of websites and own 77 million shared domains. Such a security breach reflects poorly on the company.
GoDaddy Breach in Detail
Approximately 28000 customers were compromised using a spear-phishing attack. But what does the GoDaddy breach mean for customers?
Secure Shell (SSH) is a cryptographic protocol that uses encryption to secure network services over an unprotected network. SSH authenticates logins in two ways: with a username and password, or with a username and a public/private key pair. When the SSH details are compromised, the attacker can access accounts where a private key is required.
To make matters worse, it is likely that the hacker added a public key to the compromised accounts. This way, the hacker can access the accounts even after users change the password.
However, according to GoDaddy, the breach affected hosting accounts only. This means that personal information or credentials were not compromised. In addition to that, none of the customer accounts were hacked. Also, there is no substantial evidence showing that information was leaked or modified.
GoDaddy also released a statement saying that they “Regret this incident occurred”. They are willing to provide years’ worth of security and malware removal services to the customers whose accounts were compromised.
What To Do About The GoDaddy Breach?
GoDaddy has advised all customers to conduct a security audit to identify any threats. Apart from this, there are other measures you can take.
The first and foremost step is to change your password. Second, scan the website for malware or any other problems. Finally, you should check for unauthorized administrative users. If any anomalies are detected, you must immediately remove them by hiring specialists.
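A password change does not remove a public key that was added to an account, as described above, so the account's SSH `authorized_keys` file belongs in the same review. The following is an added example, not code from GoDaddy or the original article: it fingerprints every entry and reports any key that is not on an approved list. The key material and the `APPROVED` set are constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(b64_blob):
    """SHA256 fingerprint in the same form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text, approved):
    """Return (line_no, fingerprint, comment) for every key not in `approved`."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options may precede the key type, so find the first key-type token.
        # Simplification: assumes no option value itself contains such a token.
        idx = next((i for i, f in enumerate(fields[:-1])
                    if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        try:
            if idx is None:
                raise ValueError("no key type found")
            fp = fingerprint(fields[idx + 1])
        except ValueError:  # also covers malformed base64 (binascii.Error)
            findings.append((no, "UNPARSEABLE", line[:40]))
            continue
        if fp not in approved:
            findings.append((no, fp, " ".join(fields[idx + 2:])))
    return findings

def _constructed_key(seed, comment):
    # Constructed ed25519 public-key blob: length-prefixed type + 32 key bytes.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

OWNER = _constructed_key(1, "owner@laptop")
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    OWNER,
    _constructed_key(2, "unknown@host"),
    "ssh-ed25519 not*base64 broken@entry",
])
APPROVED = {fingerprint(OWNER.split()[1])}  # keys the account owner recognises

if __name__ == "__main__":
    for finding in audit(SAMPLE, APPROVED):
        print(finding)
```

On a real account, pass the contents of `~/.ssh/authorized_keys` as `text`; the fingerprints match what `ssh-keygen -lf` prints for the same file.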
Be very mindful of phishing emails and suspicious links. There is a really high chance of a phishing attack after the GoDaddy breach.
How to Identify a Phishing Attack
- Check email header: To make sure an email was sent from GoDaddy, cross-check the e-mail header for the domain name. If it’s not there, the email could be a phishing mail.
- Sensitive Information: Legitimate companies would not ask you to share sensitive information through an email.
- Spelling errors: Perhaps the easiest way to identify a phishing email. Legitimate companies have professionals sending emails. Therefore, you will not encounter grammatical or spelling errors.
- Check the addressee: Legitimate companies normally address the recipient by their name. Phishing emails address recipients generically. For example, “Dear valued customer”.
- Email provider flagging the email: Email providers do a basic security check on all emails that land in your inbox. You may see a warning message attached to the email, which hints that the email is a phishing email or spam.
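The header check from the first item can be scripted. This added example (not part of the original article) compares the From and Reply-To domains with the expected sender domain and looks for a DMARC pass recorded by the receiving server. It assumes `godaddy.com` as the expected domain, and all three messages are constructed samples.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To style header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def in_domain(domain, expected):
    """True only for `expected` itself or a real subdomain of it."""
    return domain == expected or domain.endswith("." + expected)

def check_headers(raw, expected):
    """Return a list of reasons the message does not look like `expected` mail."""
    msg = message_from_string(raw)
    problems = []
    from_dom = domain_of(msg.get("From"))
    if not in_domain(from_dom, expected):
        problems.append("From domain %r is not %s" % (from_dom, expected))
    reply = msg.get("Reply-To")
    if reply and not in_domain(domain_of(reply), expected):
        problems.append("Reply-To points outside " + expected)
    # Only trust Authentication-Results added by your own mail provider;
    # a sender can include a forged copy of this header.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if "dmarc=pass" not in auth:
        problems.append("no dmarc=pass recorded by the receiving server")
    return problems

# Constructed sample messages (headers only, then an empty body).
GENUINE = ("From: GoDaddy <support@godaddy.com>\n"
           "Authentication-Results: mx.example.net; dmarc=pass header.from=godaddy.com\n\n")
LOOKALIKE = ('From: "GoDaddy Support" <support@godaddy.com.account-verify.example>\n'
             "Reply-To: help@mail.example\n"
             "Authentication-Results: mx.example.net; dmarc=pass "
             "header.from=account-verify.example\n\n")
DISPLAY_NAME = 'From: "support@godaddy.com" <billing@mail.example>\n\n'

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE),
                      ("display-name", DISPLAY_NAME)]:
        print(name, check_headers(raw, "godaddy.com"))
```

The lookalike sample passes DMARC for its own domain, which is why the From-domain comparison is needed in addition to the authentication result.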
What to do if you’ve fallen victim to a Phishing Scam
- Contact GoDaddy support. Scammers could pose as GoDaddy and send you emails (likely with malicious links).
- File a cybercrime report and receive better help and advice from cybersecurity specialists.
- Scan for viruses & malware
If you were not affected by the hack, invest in a security solution now to avoid any such incidents in the near future.
GoDaddy’s data breach proves just how important cybersecurity is for web owners and businesses online. No one is safe on the web. The fact that it took GoDaddy almost over six months to sniff out the breach brings us to the same old question: how secure is our data online?
The threats are always going to be there. How quickly and effectively you take action towards mitigating them is all that counts. Build your incident response mechanism today with a trusted security solution such as Astra and guard your data against prying eyes and ill tricks. Practicing secure operations and protocols is another way to ensure your security online.
For now, if you are a GoDaddy customer, reset all your passwords, run a malware scan and get a security audit done on your website. The risk of phishing scams is particularly high after data breaches like this one, so keep an eye on all such emails.