Connect with us

Hi, what are you looking for?

Tech & Science

Hosting the issue: GoDaddy caught out in data breach

Cybercriminals have everything they need to conduct phishing attacks or impersonate customers’ services and websites.

URL beginning with the HTTP scheme and the WWW domain name label. Image: Kulandru mor — Public Domain (CC0 1.0)
URL beginning with the HTTP scheme and the WWW domain name label. Image: Kulandru mor — Public Domain (CC0 1.0)

The web hosting company GoDaddy has indicated that a data breach has occurred, according to TechCrunch. The firm has warned users that data may have been accessed. This has come to light via a filing with the Securities and Exchange Commission.

Here, GoDaddy’s chief information security officer Demetrius Comes said the firm detected unauthorized access to its systems where it hosts WordPress servers. The issue arises because GoDaddy lets customers host their own WordPress installs on their servers.

The statement offers the following apology: “Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center which includes phone numbers based on country.”

Bleeping Computer reports that GoDaddy has not yet published a public statement regarding this data breach on its website.

In response to GoDaddy’s data breach that exposed 1.2 million customers, Robert Prigge, CEO of Jumio, explains to Digital Journal the implications behind the cybersecurity incident.

Prigge explains that the reason the issue happened was due to a key weakness found in the company’s systems. Prigge explains: “This breach underlines the inherent weakness of relying on credentials to authenticate users, as it was caused by unauthorized access via a compromised password.”

This is part of a trend, says Prigge: “In fact, 61 percent of data breaches in 2020 involved the use of unauthorized credentials, and this number is sure to increase if organizations don’t move away from this outdated method.”

In terms of what the move forwards should entail, Prigge clarifies: “With user email addresses, credentials for WordPress databases and SSL private keys exposed in this breach, cybercriminals have everything they need to conduct phishing attacks or impersonate customers’ services and websites.”

As to the appropriate response, Prigge states: “Resetting passwords and private keys is simply not enough to protect the 1.2 million users affected by this breach.”

As to what is the best option, Prigge adds: “Instead, online organizations should turn to a safer and more secure alternative like biometric authentication (leveraging a person’s unique human traits to verify identity), which confirms the user logging in is truly the account holder and ensures personal data is protected from cybercriminals.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Entertainment

‘Paddington in Peru’ returns the loveable bear to his native rainforest on a quest to save his aunt

Tech & Science

Many scientists have long thought that developing planets should resemble the swirling disk of gas and dust that births them.

Business

OpenAI's board chairman said it has unanimously rejected an Elon Musk-led offer to buy the hot artificial intelligence company for $97.4 billion.

World

Dismantling the water storage tanks is a crucial step in the decades-long project to decommission the crippled Fukushima nuclear plant - Copyright AFP Atish...