From email addresses to usernames and passwords, everything compromised. The company says it’s investigating further.
The sites we use on the internet daily require at least two basic things to run. A domain name and a server host. If a domain name is a site’s address, then a server is its physical location where all the data is stored by its host. One of the most famous company worldwide for providing services of both domain name and server hosting is GoDaddy.
In a recent filing in the US Securities and Exchange Commission, GoDaddy has revealed that 1.2 million of its user accounts were compromised.
Details of the hack
GoDaddy explains that on 17th of November, it detected that a third party had gained unauthorized access to the managed WordPress servers using a compromised password.
After finding it out, GoDaddy blocked the third party from its servers. Later, it took help from an IT forensics firm and alerted law enforcement agencies.
Upon further investigation, GoDaddy found out that since 6th September, the third party used the vulnerability in its systems to gain access to several types of user information.
It reveals that username and customer numbers of 1.2 million of active and inactive Managed WordPress customers of GoDaddy were compromised. With leaked email accounts having a potential of phishing hacks.
Then it mentions that original WordPress admin passwords, used at the time of setup too were leaked. It has reset the ones who are still using those original passwords on their services.
But even bigger problem is the fact that it found out that sFTP and database usernames and passwords of its active customers were exposed. This is a major issue as it means the hackers had direct access to the files hosted on the servers of GoDaddy’s customers. This has a huge potential for misuse. The company says it has reset those passwords too.
Taking it further, it says that private SSL keys of a part of its customers too were compromised. SSL keys are the ones which secure HTTPS connections of a site. Getting them compromised means the hacker can impersonate a victim’s site and further risk the security of the users of the site. GoDaddy says it’s in the process of issuing and installing new certificates for the hacked sites.
In the end, in the filing by Demetrius Comes, GoDaddy’s Chief Information Security Officer, reveals that the investigation is still going on and apologizes for this hack and intends to improve its security further with more layers of security.
Outcome of this hack
Simply put, this is quite bad from GoDaddy’s side. It’s one of the top names in the internet hosting world. From businesses to professionals, everyone uses GoDaddy.
Furthermore, managed WordPress servers were the ones which were compromised. A huge amount of internet runs on managed WordPress servers. Seeing them getting hacked can be nothing less than bad publicity for the company, which can hit its reputation and customer interest.
What’s concerning was how convenient it was for the hacker to gain access of the servers. The hacker used, what it seems like, a single compromised password and gained access to 1.2 million of user accounts with ease. You expect a big company like GoDaddy to not only have multi-layered security, but also basic things like Two-Factor Authentication for their access.
Additionally, it’s not mentioned whether the passwords were hashed or not. Hashing of passwords, now a much required standard practice, makes it harder for the hackers to use or read leaked passwords easily. In spite of being a standard practice, a lot of companies are found out not using password hashing. Instead, they store passwords in simple plain texts. Something which is a horrible practice in terms of security.
How to protect oneself from password leaks
In our earlier article titled 2021’s Top 200 Most Used Passwords Revealed, we explained how one can protect their accounts with good password practices. One can go through the article to understand the nitty-gritty of it.
Additionally, we would put an emphasis on the fact that not only a strong password is important, but it’s also important that a single password is not used in multiple places. Using a new password for every service or site ensures that the damages of the hack is limited only to the compromised site itself and not elsewhere.
