GO DADDY HACKED FOR THE SECOND TIME
On 17 November, web hosting and website domain registrar company, Go Daddy, was subject to a massive cyberattack that saw 1.2 million active and inactive WordPress users have their email addresses and customer numbers compromised. Through a Single-Point-of-Failure (SPoF) attack, the cybercriminals were also able to access the WordPress admin passwords and usernames for all the accounts. Moreover, a small subset of Go Daddy customers also had the credentials of their SSL certificates leaked. With hackers now targeting web hosting platforms, cyber analytics firm, CyberCube, stated that the breach should serve as a wake-up call to both the insurance and reinsurance industries. For those who thought that web hosting services are as safe as houses, maybe they need to think again.
GO DADDY SUFFERS FINANCIAL LOSS
Go Daddy is an American publicly traded Internet domain registrar and web hosting company with over 20 million customers and 7,000 employees across the globe. In 2020, the Arizona-headquartered business had a revenue of $3.3 billion with a net loss of $495 million. The year before, Go Daddy made a profit of $137 million. In 2019, the company was subject to a security breach that affected 28,000 customers’ hosting accounts. The breach lasted for a period of six months before detection by the company’s security team on 23 April 2020. The breach targeted customers’ hosting information, compromising the usernames and passwords of the accounts involved. Now, suffering a loss of almost $0.5 billion and being cited as betraying the trust of over 1 million of its loyal customers, what next for the web hoster?
WHAT HAPPENED?
Go Daddy described the cause of the intrusion as a vulnerability, typically a flaw in software coding. However, in Go Daddy’s case, it was more like a lapse in robust IT security and monitoring. After the web hoster informed the United States Securities and Exchange Commission (SEC) of the breach, an investigation revealed that third-party access had occurred on 6 September and went unnoticed for more than 2 months. Whatever Go Daddy’s excuse for failing to recognise the intrusion, many would construe it as unabated negligence.
WHO SAID WHAT?
Go Daddy seemed intent on covering up its negligence, claiming it was due to a vulnerability, and issued a sweeping statement which read:
“Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.”
However, upon investigation, WordFence, a security provider for WordPress, discovered that Go Daddy’s Managed WordPress hosting stored Secure File Transfer Protocol (SFTP) usernames and passwords in a manner that did not conform to industry best practices. SFTP is a file transfer protocol enabling the secure uploading and downloading of files from a hosting server. A statement from WordFence read:
“GoDaddy stored SFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices.”
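The difference WordFence describes, shown as an added example (this is not code from Go Daddy or WordFence): a reversible record hands the plaintext to anyone who reads it, while a salted hash can only be checked against a guess. The function names, the sample password and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune per host


def store_reversible(password: str) -> str:
    """Weak pattern: encoding (or encryption with a key kept nearby) can be undone."""
    return base64.b64encode(password.encode()).decode()


def recover_reversible(record: str) -> str:
    """Whoever reads the stored record gets the plaintext password back."""
    return base64.b64decode(record).decode()


def hash_password(password: str) -> str:
    """Hardened pattern: random per-account salt plus a slow one-way KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Only scheme, cost, salt and digest are stored; the password is not.
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex),
            int(iterations), dklen=len(expected))
    except ValueError:  # malformed or truncated record
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "S3cure-sftp-pass"  # constructed sample value
    print("reversible record leaks:", recover_reversible(store_reversible(pw)))
    first, second = hash_password(pw), hash_password(pw)
    print("same password, different records:", first != second)
    print("correct guess verifies:", verify_password(pw, first))
    print("wrong guess verifies:", verify_password("guess", first))
```

Public key authentication, the other practice WordFence names, goes further: the server holds only public keys, so a stolen credential store contains no secret to recover.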
IT GETS WORSE
It appears that Go Daddy’s woes don’t end with the breach of some 1.2 million accounts. WordFence stated that cybercriminals had access to website databases beyond WordPress, which could lead to accessing website customer information and sensitive information stored on e-commerce sites. WordFence also stressed that changing the passwords of compromised sites might be too late and said:
“…the attacker had nearly a month and a half of access during which they could have taken over these sites by uploading malware or adding a malicious administrative user. Doing so would allow the attacker to maintain persistence and retain control of the sites even after the passwords were changed.”
IS AWS NEXT?
Will Amazon’s AWS web hosting service be the next target of a cyberattack? It’s unlikely and let’s hope not. But what is worrying is that a reputable company such as Go Daddy – or maybe not as it has fallen foul of cybersecurity twice now – can be taken down. You don’t need to be concerned about the safety and security of your websites, or any other vital IT system. I have more than 20 years of experience in professional business IT management, specializing in risk mitigation and cybersecurity. Put your mind at ease and contact me today. Together, we can make all aspects of your IT foolproof.