In 2021, the hacker hits keep coming! 

With headlines awash in reports of bigger and more alarming hacking activity month after month, the latest comes from major domain registrar and web hosting company GoDaddy, which announced on Monday that it had discovered a data breach on November 17.  

GoDaddy’s November 22 filing with the Securities and Exchange Commission [i] stated that the company detected the breach after noticing suspicious activity in its Managed WordPress hosting environment. The subsequent investigation determined that an unauthorized third party had used a compromised password to gain access to the provisioning system in the legacy code base for Managed WordPress beginning on September 6, 2021.  

Though the hacker was blocked from GoDaddy’s systems when the intrusion was detected, the damage had already been done. 

What Did The Attacker Have Access To?

According to the filing, the breach affects 1.2 million active and inactive Managed WordPress users. The information exposed includes: 

  • Email addresses and customer numbers. The exposure of this information could put users at greater risk for phishing attacks. 
  • The original WordPress admin password created when WordPress was first installed. This information could be used to access a customer’s WordPress server. 
  • Active customer data, including: 
      • Their sFTP credentials, which are used for file transfers. 
      • The username and password for their WordPress database, which stores all their content. 
      • For a smaller subset of active customers, their SSL (Secure Sockets Layer) private key. These credentials could allow a hacker to effectively impersonate a customer’s website or services. 

The steps the company has taken to remediate the problem include: 

  • Resetting original WordPress admin passwords (if those credentials were still in use). 
  • Resetting passwords for sFTP and database access. 
  • Issuing and installing new SSL certificates for affected customers.  

In the statement, chief information security officer Demetrius Comes also noted the investigation was ongoing and that GoDaddy was taking steps to add protection to their provisioning system. 

Affected By Data Breach?

Unfortunately, the scenario here is an all-too-familiar one.  

When a hacker infiltrates your system, they don’t just lock it up and demand a ransom anymore; their objective is to remain undetected for as long as possible.  

In GoDaddy’s case, the unauthorized user had over two months of access to GoDaddy’s 20 million global customers before any red flags went up. It’s unclear if the company could have taken additional security measures (such as two-factor authentication) to prevent the initial access. One thing this hack highlights, though, is the importance of regular, ongoing security scans and monitoring, regardless of what cybersecurity measures you have in place.  

Who knows how many more of GoDaddy’s clients might have been affected had they not performed the scan that finally spotted the suspicious activity? 

That being said, it’s also not safe to assume that all the damage from the breach has been detected (or has even occurred) yet, and the customers whose data was stolen will need to proceed with caution until they can properly determine if their WordPress sites have been compromised or not.  

What we do know is that if affected companies aren’t already working with cybersecurity professionals to safeguard their systems, there’s no time like the present to bring in a cybersecurity expert. Having a knowledgeable team scan a system will help businesses spot vulnerabilities and tell them with certainty whether or not their site is harboring malware or leaving a backdoor open for hackers. 

Are You Prepared?

There’s a better time to hire a cybersecurity firm to examine your system than after a hack—and that’s before one has occurred.  

It’s much easier and much less costly to make your business an unattractive prospect for hackers BEFORE they have launched a successful cybersecurity attack on your business. Always remember: HACKERS ARE LAZY!!! They are looking for an easy target. If you have a cybersecurity portfolio that is well-implemented, cybercriminals are much more likely to get fed up and look elsewhere for the low-hanging fruit. 

An ounce of prevention is worth a pound of cure. 

Petronella Technology Group (PTG) can conduct a thorough security audit and risk assessment that tells you exactly where your vulnerabilities are and how to fix them. Our goal is to help prevent hacks, ransomware attacks, and other cybercrimes, so you can focus on your business in the knowledge that your data and systems are secure. 

To find out more about how PTG can help you secure your systems before disaster strikes, contact us here or call 919-646-3780. 

[i] https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm 

The post GoDaddy Hacked appeared first on Cybersecurity | Ransomware | Managed IT.

Craig Petronella

Craig Petronella is the founder of Petronella Technology Group, Inc. (PTG), an internationally trusted IT cybersecurity and compliance consulting group with over 30 years’ experience helping federal contractors and businesses with cybersecurity and compliance regulations, and whose patented 22-layer systems cover your People, Processes and Technology.

Craig is an Amazon #1 Best-Selling Author of many books, including “The Ultimate Guide To CMMC”, founder of the podcast Cybersecurity and Compliance with Craig Petronella – CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001 https://petronellatech.buzzsprout.com/ and is an MIT Certified Professional in AI, Blockchain, Cybersecurity and Compliance.

Almost all of Craig’s clients are earned by referral with little or no advertising, and he is well-known and highly-regarded in professional circles throughout the US, after serving as compliance consultant and conducting onsite risk assessments for over 500 medical practices, hospitals, and business associates across the country.
