The web hosting company GoDaddy has indicated that a data breach has occurred, according to TechCrunch. The firm has warned users that data may have been accessed. This has come to light via a filing with the Securities and Exchange Commission.
In the filing, GoDaddy’s chief information security officer Demetrius Comes said the firm detected unauthorized access to its systems where it hosts WordPress servers. The issue arises because GoDaddy lets customers host their own WordPress installs on its servers.
The statement offers the following apology: “Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center which includes phone numbers based on country.”
Bleeping Computer reports that GoDaddy has not yet published a public statement regarding this data breach on its website.
In response to GoDaddy’s data breach that exposed 1.2 million customers, Robert Prigge, CEO of Jumio, explains to Digital Journal the implications behind the cybersecurity incident.
Prigge attributes the incident to a key weakness in the company’s systems: “This breach underlines the inherent weakness of relying on credentials to authenticate users, as it was caused by unauthorized access via a compromised password.”
This is part of a trend, says Prigge: “In fact, 61 percent of data breaches in 2020 involved the use of unauthorized credentials, and this number is sure to increase if organizations don’t move away from this outdated method.”
On what the exposed data makes possible, Prigge clarifies: “With user email addresses, credentials for WordPress databases and SSL private keys exposed in this breach, cybercriminals have everything they need to conduct phishing attacks or impersonate customers’ services and websites.”
As to the appropriate response, Prigge states: “Resetting passwords and private keys is simply not enough to protect the 1.2 million users affected by this breach.”
As to the best option, Prigge adds: “Instead, online organizations should turn to a safer and more secure alternative like biometric authentication (leveraging a person’s unique human traits to verify identity), which confirms the user logging in is truly the account holder and ensures personal data is protected from cybercriminals.”
