Over One Million GoDaddy Customers Caught Up in Data Breach

Domain registrar and hosting company GoDaddy confirmed a new data breach. This is not the first time the company has suffered a security breach. In this latest one, at least 1.2 million customers have been affected.

The disclosure was made in a document filed with the US Securities and Exchange Commission as part of GoDaddy's obligations as a publicly traded entity. The filing attributed the attack to an "unauthorized third party". The initial breach took place on September 6, and the threat actor behind it managed to maintain uninterrupted access and remain under the radar for more than two months. The issue was finally spotted in mid-November.

The threat actors had compromised GoDaddy's Managed WordPress hosting environment. In essence, this service allows GoDaddy customers to make use of the WordPress platform in an environment hosted by GoDaddy, without the need for the customer to update and maintain the platform's internals.

The threat actor used a "compromised password" to access GoDaddy's servers.

Different types of data were accessed for different customers in the data breach. The exposed data includes 1.2 million emails and customer numbers of current and inactive customer accounts, sFTP and DB username and password combos (with passwords already having been reset by GoDaddy at the time of the filing), and SSL certificate private keys for a portion of currently active customers.

Security experts outlined a few scenarios of what malicious actions threat actors might be able to pull off with the stolen data, and none of them were particularly pretty. The scenarios ranged from hijacking domains and ransoming them back to their legitimate owners, to redirecting visitors to pages that mimic the legitimate ones and then scraping any information entered on the spoofed pages.

A chief security researcher with AppViewX called some of the possible ugly scenarios "extinction-level events".

Reporting on the issue, ThreatPost outlined a string of three more security incidents that GoDaddy suffered in 2020 alone.

November 23, 2021