Estimated reading time: 1 minute, 37 seconds

What Cybersecurity Pros Are Saying About GoDaddy’s Data Breach  

Cybersecurity experts have been voicing their concerns about a recently uncovered data breach at GoDaddy, which potentially affected 1.2 million of the Web hosting giant’s customers.

GoDaddyAs USA Today and TechCrunch report, GoDaddy disclosed the breach in a November 22 regulatory filing. Demetrius Comes, chief information security officer of GoDaddy, said the company found that an unauthorized third-party was accessing the systems where it manages customers’ servers for WordPress, a popular content management system for blogs and websites.

Detected on November 17, the unauthorized access began around September 6, the company said. Information exposed included email addresses and passwords.

Dominic Trott, UK manager at Orange Cyberdefense, told CSO Online that the time between the breach and its discovery was surprising and “expos[ed] GoDaddy to both reputational and financial damage.”

Trustwave SpiderLabs director Ed Williams, also speaking with CSO Online, said that hackers would “try to take advantage of every new email address and password exposed in an attempt to launch phishing attacks and social engineering schemes.”

Anurag Kahol, chief executive at Bitglass, told SecurityBrief Asia that with the common reuse of passwords, this exposure of one set of user credentials could lead to other accounts being hijacked.

Glasswall CEO Danny Lopez, also speaking with SecurityBrief, called hackers’ access to a hosting company particularly concerning, in light of how much sensitive information such entities control. “Organizations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems,” Lopez said.

A day after disclosing the breach, GoDaddy confirmed that customers of several brands that resell GoDaddy Managed WordPress were also affected. They are: tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe. A company spokesperson told WordFence, “A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident.”

As Insurance Times reports, cyber analytics firm CyberCube also called the GoDaddy data breach “a wake-up call” to the insurance sector.

Read 1659 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.