#Incident_report: The GoDaddy Hack.
What exactly has been reported
The company has stated that the malicious actor(s) got into its systems through a compromised password and gained access to about 1.2 million customer email addresses and customer numbers. It added that this could expose these customers to a higher risk of phishing attacks. The actor(s) could also have gained access to the admin controls of people still using default or initially provided credentials, along with the sFTP and database access credentials. A compromise of sFTP access can affect the authenticity and integrity of the data transferred between the website and the database or the servers, as it leaves the website vulnerable to a man-in-the-middle attack, where the attacker can access or modify the information sent or received.
The company also stated that, for a subset of the platform's customers, the SSL private key was exposed, and that it was in the process of issuing and installing new certificates.
Since the investigation is still in progress, the company hasn't provided any further details about the incident. It has stated that it is contacting the customers directly or has requested the customers to contact GoDaddy at https://www.godaddy.com/help.
GoDaddy is primarily a business-facing platform, so a compromise of its servers could trickle down to a lot of other users as well. Based on the information available about the incident at the moment, one can keep the following things in mind to avoid being negatively impacted by it.
Be careful of customer service emails from GoDaddy, which an existing or past GoDaddy user will most likely receive. Because such an email is expected at this time, fraudsters might use this compromise as cover for phishing emails that appear legitimately timed.
If your organisation is a sizable operation and uses GoDaddy's services for its web hosting, employ the services of an information security investigator to check whether your database has been maliciously accessed.
Based on the results of the investigation, look at the regulatory and legal requirements and compliance standards that you need to follow, and act accordingly.
GoDaddy has not identified the specific set of customers whose SSL private keys have been exposed. Active users of GoDaddy, especially the ones who incorporate payment portals or collect personal information from their users and customers, therefore need to check with GoDaddy's customer service whether they are on the list of affected parties. If they are, they need to act accordingly, as they might be vulnerable to man-in-the-middle attacks that can further compromise the data. Users can also consider taking the platform offline or shifting to other sources until further clarity is available on the incident.
Active and inactive users can contact GoDaddy through its portal at https://www.godaddy.com/help, or contact the service representative for India at helpline 040 67607600, to get clarity on what they need to do.
Author – Mr. Hrishikesh Bedi, Consultant, CyberPeace Foundation