On November 22, 2021, GoDaddy, a major provider of web hosting and domain name services, publicly disclosed a security breach to the FBI. The intrusion took place between September 6th and November 17th of 2021 and was reported once GoDaddy’s security team caught wind of the situation. During the breach, it is believed that 1.2 million email addresses were compromised. The root cause was a key administrative password internally securing GoDaddy’s WordPress hosting environment, which was compromised by an unknown bad actor. For active customers using sFTP and databases, usernames and passwords were reset because they had been exposed, as was a small number of SSL private keys.
This is how attackers were able to gain access to sensitive information. Luckily, no customer passwords were compromised during this event. Now that email addresses are out in the open, former and active customers need to be vigilant for phishing attacks. Phishing is when an attacker sends an email in hopes of manipulating the receiver into either giving up sensitive information or downloading a malicious file by clicking on a link or attachment in the email. To prevent phishing attacks there are many security products that filter incoming emails for malicious documents and manipulative wording, but that only goes so far. Our recommendation is to not only implement this type of tool but also teach and train your employees on the tactics and techniques used in phishing attacks.
The overall takeaway is to be aware of social engineering-based attacks. Social engineering is the manipulation of people to gain access to systems for the sake of obtaining information or other advantages, and phishing emails fall right under this. An email pretending to inquire about services or asking you to confirm user information is something you should not take lightly. According to the FBI, between Oct. 2013 and Feb. 2016, social engineering attacks cost businesses around $2.3 billion.
The FBI recommends the following practices:
- Be wary of email-only wire transfer requests and requests involving urgency.
- Pick up the phone and verify legitimate business partners.
- Be cautious of mimicked e-mail addresses.
- Practice multi-level authentication.
To check whether your personal or work email address has previously been compromised or included in a breach, you can look it up on the website haveibeenpwned.com. Protecting your systems on a technical level is one aspect of a sound security program, but training the human side of your security is one thing you’ll never want to overlook!
If your company is an active or former customer of GoDaddy, you can contact their help center for more information: https://www.godaddy.com/help.