Hosting the issue: GoDaddy caught out in data breach

Cybercriminals have everything they need to conduct phishing attacks or impersonate customers’ services and websites.

URL beginning with the HTTP scheme and the WWW domain name label. Image: Kulandru mor — Public Domain (CC0 1.0)

The web hosting company GoDaddy has indicated that a data breach has occurred, according to TechCrunch. The firm has warned users that data may have been accessed. This has come to light via a filing with the Securities and Exchange Commission.

Here, GoDaddy’s chief information security officer Demetrius Comes said the firm detected unauthorized access to its systems where it hosts WordPress servers. The issue arises because GoDaddy lets customers host their own WordPress installs on their servers.

The statement offers the following apology: “Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center which includes phone numbers based on country.”

Bleeping Computer reports that GoDaddy has not yet published a public statement regarding this data breach on its website.

In response to GoDaddy’s data breach that exposed 1.2 million customers, Robert Prigge, CEO of Jumio, explains to Digital Journal the implications behind the cybersecurity incident.

Prigge attributes the incident to a key weakness in the company’s systems: “This breach underlines the inherent weakness of relying on credentials to authenticate users, as it was caused by unauthorized access via a compromised password.”

This is part of a trend, says Prigge: “In fact, 61 percent of data breaches in 2020 involved the use of unauthorized credentials, and this number is sure to increase if organizations don’t move away from this outdated method.”

On what the exposed data puts at risk, Prigge clarifies: “With user email addresses, credentials for WordPress databases and SSL private keys exposed in this breach, cybercriminals have everything they need to conduct phishing attacks or impersonate customers’ services and websites.”

As to the appropriate response, Prigge states: “Resetting passwords and private keys is simply not enough to protect the 1.2 million users affected by this breach.”

As to what is the best option, Prigge adds: “Instead, online organizations should turn to a safer and more secure alternative like biometric authentication (leveraging a person’s unique human traits to verify identity), which confirms the user logging in is truly the account holder and ensures personal data is protected from cybercriminals.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
