Another Day Another Breach

Today is Friday, May 8th, 2020. We’re officially almost at the end of another week of quarantine. Businesses are still working under restrictions and many people are working from home. But, guess who is not taking a break during a worldwide pandemic? Hackers, that’s who.

This week, here at CPG, we are taking a look at another massive data breach. The victim this week happens to be web hosting giant GoDaddy. Now, not only is this breach troublesome for GoDaddy, but also for the hundreds of thousands of sites that utilize their hosting services.


What Happened?

To begin, as stated above, the web hosting platform GoDaddy recently announced that a data breach occurred on their platform. Concern immediately extends from the company to the many customers that rely on the platform to host their own sites.

And by many customers, I mean the five million web sites hosted on their servers and systems. The company recently filed a data breach notification with the state of California, and proceeded to notify customers. 


The GoDaddy Breakdown

GoDaddy released a one-size-fits-all template to notify affected customers of the breach. The document sent to customers describes the data breach and informs the recipient that they are one of the victims in the breach.


We need to inform you of a security incident impacting your GoDaddy web hosting account credentials. 


Following the initial recognition and notification, the company proceeds to address the actual attack.


We recently identified suspicious activity on a subset of our servers and immediately began an investigation. The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account. We have no evidence that any files were added or modified on your account. The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.


Next, GoDaddy states that they reset your account as a proactive step to protect the integrity of your information. They also recommend, as a future step, having a security audit done for the affected site.


We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account.


But as an extra step in an attempt to help smooth things over, they also offer “one year of Website Security Deluxe and Express Malware Removal at no cost”.


Next Steps

After that seemingly impersonal, rough draft of a notification letter, many customers are on their own to fix up their accounts. Yes, GoDaddy is offering “security services”, but the damage might already be done. 

So, the next steps for the affected customers mean resetting their account and those linked to the GoDaddy one, plus a security audit and other recovery security steps.

All in all, what we have here is another prime example of why proactive security and proper recovery protocol are important for such a large company.


By Taylor Ritchey