The largest domain registrar in the world confirmed on Monday that an unknown third party has gained access to their systems on September 6th and had access for over 2 months before GoDaddy noticed the breach last week.
The data that was stolen includes customer emails and numbers, usernames, and passwords for GoDaddy’s databases and SSL private keys for a small number of customers. SSL private keys are used to authenticate websites to users to ensure that they are safe.
Although GoDaddy has reset all of the customer’s passwords, if the attackers managed to get SSL private keys, they could potentially mimic customer sites and embed malware into them, the SSL certificate would show the website as being safe but malware would still make its way onto your machine. This could also lead to customers using the mimicked site instead of the genuine one resulting in more breached data.
The other two main ramifications of this incident are follow-up phishing, where attackers try and phish the affected customers with a variety of emails like password resets, and extortion, threatening to sell customer data if the victim doesn’t pay up.
The attack occurred due to a compromised credential meaning MFA was likely not in use either.
Unfortunately, attacks like these are not going to slow down or stop, peoples passwords get compromised all the time whether it’s due to weak password security or not using best practices like MFA.
GoDaddy will have contacted the people that were involved in the breach, however, as a precaution, we recommend you reset all your passwords and ensure MFA is enabled were available, if you receive any emails that appear to be from GoDaddy, ensure they are 100% legit before acting on them if you’re unsure call their support team and verify the email that way.
A lot of companies do not manage their own domains and in this case, should contact whoever manages their domain like their webmaster or IT company to confirm if they were involved in the breach or not.
If you would like to know more about Cyber Wise and what we do, please do not hesitate to contact us..