During the COVID-19 outbreak, the wave of attacks on web infrastructure continues. GoDaddy, the world's largest domain registrar, has disclosed a major breach of its hosting environment. According to the company, the intrusion began on October 19, 2019, but was only discovered on April 23, 2020. GoDaddy reported that the SSH login credentials of approximately 28,000 hosting customers were accessed by an unauthorized individual.
How Did GoDaddy Acknowledge the Breach?
GoDaddy did not say which of its hosting packages were affected. Its public statement on the breach reads:
“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”
Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic, said that a breach of this kind at a large hosting provider is a significant issue: it allows a cybercriminal to modify hosted web services so that they steal data, credit card information and account passwords.
What is SSH? How Valuable are its Credentials?
Secure Shell (SSH) is a network protocol that gives a user a reliable way to access a computer over an unsecured network. It is used to log in to a remote machine over an encrypted channel and execute commands, and it also lets users transfer files using the associated SSH File Transfer Protocol (SFTP) or Secure Copy (SCP). Practically every web hosting firm, GoDaddy included, offers SSH access to customers' hosting accounts.
SSH supports both password authentication and public key authentication. With public key authentication, the user's public key is stored on the server (in OpenSSH, in the account's authorized_keys file) and whoever holds the matching private key can log in without a password. Such keys are routinely used for direct, administrative or root access to important systems, which is why an attacker who plants a key of their own on a server gains persistent access that survives a password reset. The protocol encrypts all data exchanged between the two computers connected over the internet. Its most common use is connecting to a remote host for a terminal session; the command typed at the terminal to connect to an SSH server is written below:
What are the Consequences of the GoDaddy Data Breach?
GoDaddy has also recommended a security audit of affected hosting accounts. The company says it has reset the compromised passwords and will provide impacted customers with a year of its website security and malware removal service free of charge. GoDaddy explained that the breach affected hosting accounts only: no general GoDaddy.com customer accounts, and none of the customer data held in those main accounts, were accessed.
I am Affected. What Should I Do?
If you are affected by this breach and have not already been notified by GoDaddy, you will likely be notified in the near future. GoDaddy indicates that it has reset the account passwords and removed the attacker's DSA (Digital Signature Algorithm) public key, which prevents the attacker from using that key to reach affected websites via SSH. We also firmly recommend changing your website's database password, since anyone with SSH access to the account could have read it from the site's configuration files without modifying the account.
While the investigation continues, GoDaddy has advised affected account holders to audit their sites thoroughly and look for any sign of compromise. Users affected by the breach have also been given GoDaddy's website security and malware removal service free of charge for a year.
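The check that this remediation implies, as an added example that is neither GoDaddy's own tooling nor code from this article: a Python script that reads the content of an OpenSSH authorized_keys file, computes each key's SHA256 fingerprint the way `ssh-keygen -lf` prints it, and flags every ssh-dss (DSA) key, every key whose fingerprint is not in an approved inventory, and every line it cannot parse. The sample authorized_keys content, the key blobs and the approved list are constructed for the example and are not real keys.

```python
"""Audit an OpenSSH authorized_keys file for keys that should not be there."""
import base64
import hashlib
import shlex
from typing import List, NamedTuple, Optional, Set, Tuple

# Key types OpenSSH accepts in authorized_keys (security-key and certificate
# variants omitted for brevity).
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


class Finding(NamedTuple):
    line_no: int
    key_type: str
    fingerprint: str
    comment: str
    reason: str  # "dsa-key", "unknown-key" or "malformed"


def fingerprint(blob_b64: str) -> str:
    """The value `ssh-keygen -lf` prints: SHA-256 of the raw key blob, base64 without padding."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (key_type, base64_blob, comment), or None for blank, comment or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    try:
        tokens = shlex.split(line)  # handles quoted options such as command="..."
    except ValueError:  # unbalanced quotes
        return None
    for i, tok in enumerate(tokens):
        # Everything before the key type is an option list (from=, no-pty, ...).
        if tok in KEY_TYPES and i + 1 < len(tokens):
            return tok, tokens[i + 1], " ".join(tokens[i + 2:])
    return None


def audit(text: str, approved: Set[str]) -> List[Finding]:
    """Flag DSA keys, keys whose fingerprint is not in `approved`, and unparsable lines."""
    findings: List[Finding] = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            if line.strip() and not line.lstrip().startswith("#"):
                findings.append(Finding(n, "?", "", "", "malformed"))
            continue
        key_type, blob, comment = parsed
        try:
            fp = fingerprint(blob)
        except ValueError:  # binascii.Error is a ValueError
            findings.append(Finding(n, key_type, "", comment, "malformed"))
            continue
        if key_type == "ssh-dss":
            findings.append(Finding(n, key_type, fp, comment, "dsa-key"))
        elif fp not in approved:
            findings.append(Finding(n, key_type, fp, comment, "unknown-key"))
    return findings


def _fake_blob(key_type: str, key_bytes: int) -> str:
    """Constructed blob in SSH wire format (length-prefixed type string, then key material).
    Not a usable key; it only needs to look like one to the fingerprint routine."""
    name = key_type.encode()
    wire = (len(name).to_bytes(4, "big") + name
            + key_bytes.to_bytes(4, "big") + bytes(range(key_bytes)))
    return base64.b64encode(wire).decode()


ADMIN_KEY = _fake_blob("ssh-ed25519", 32)
ATTACKER_DSA = _fake_blob("ssh-dss", 64)
STRAY_RSA = _fake_blob("ssh-rsa", 128)

# Constructed sample file: one key we issued, one planted DSA key, one forgotten RSA key.
SAMPLE_AUTHORIZED_KEYS = f"""# constructed sample, not real keys
ssh-ed25519 {ADMIN_KEY} admin@laptop
from="203.0.113.5",no-pty ssh-dss {ATTACKER_DSA} backup
ssh-rsa {STRAY_RSA} old-contractor
"""

# The inventory of keys we know we issued, as fingerprints.
APPROVED = {fingerprint(ADMIN_KEY)}


if __name__ == "__main__":
    for f in audit(SAMPLE_AUTHORIZED_KEYS, APPROVED):
        print(f"line {f.line_no}: {f.reason:12} {f.key_type:12} {f.fingerprint} {f.comment}")
```

To use it on a real account, feed it the content of `~/.ssh/authorized_keys` for each hosting login and build the approved set from the fingerprints that `ssh-keygen -lf` prints for the public keys you know you issued. Anything flagged as unknown should be removed, and DSA keys should go regardless of who issued them, since current OpenSSH releases no longer accept them by default.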
How to Mitigate such Attacks?
Breach announcements are routinely followed by phishing emails that impersonate the affected company. Below are some key checks that tell you whether you are the target of such a phishing attack:
Check the email source. Always check where the email actually comes from. If it does not come from a legitimate GoDaddy domain, it is most probably a phishing attempt, and acting on it may lead to a further compromise.
Look for a large number of typos or misspellings in the email body. Professional emails from a company of this size rarely contain such errors, since they are written and reviewed by experienced staff; an email full of them may be a phishing trap.
Fake or modified web pages can trick you into handing over personal information. Phishing has evolved: the text, style, imitated logo and the organisation's standard email template are all copied to manipulate users and trick them into entering credentials or downloading a malicious payload.
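The first check above, as an added example that is not code from this article or from GoDaddy: a Python script that looks at where an email really came from rather than at the display name it shows. It compares the From address against a list of legitimate domains (an assumption for the example), flags a Return-Path at a different domain, and looks for an SPF or DKIM pass in the Authentication-Results header written by the receiving mail server. The two sample messages and their headers are constructed for the example.

```python
"""Sanity-check the origin of an e-mail that claims to come from a company."""
import email
from email import policy
from email.utils import parseaddr
from typing import List

# Assumption for the example: the domains a genuine notice would be sent from.
LEGITIMATE_DOMAINS = {"godaddy.com"}


def sender_domain(header_value: str) -> str:
    """Domain of the address inside a From/Return-Path header, ignoring the display name."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def is_legitimate(domain: str) -> bool:
    """Exact match or subdomain of a legitimate domain; 'godaddy.com.evil.example' does not pass."""
    return any(domain == d or domain.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def check_sender(raw_message: str) -> List[str]:
    """Return reasons to distrust the message; an empty list means nothing looked wrong."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    problems: List[str] = []

    from_domain = sender_domain(msg.get("From", ""))
    if not is_legitimate(from_domain):
        problems.append(f"From address is at {from_domain!r}, not a known sender domain")

    # Return-Path is where bounces go; a phisher's relay often cannot make it match.
    return_domain = sender_domain(msg.get("Return-Path", ""))
    if return_domain and return_domain != from_domain:
        problems.append(f"Return-Path domain {return_domain!r} differs from From domain")

    # Authentication-Results is added by the receiving mail server, which normally
    # strips any copy the sender supplied, so a missing or failed SPF/DKIM check is
    # a signal the sender cannot easily forge.
    auth = str(msg.get("Authentication-Results", ""))
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        problems.append("receiving server recorded no SPF or DKIM pass")
    return problems


# Constructed messages for the example; every header value here is invented.
PHISHING_MESSAGE = """From: "GoDaddy Support" <support@godaddy-secure-login.example>
Return-Path: <bounce@mail-relay.example>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mail-relay.example
Subject: Your hosting account was accesed

Pleas verify your SSH credentails at the link below.
"""

GENUINE_MESSAGE = """From: GoDaddy <noreply@godaddy.com>
Return-Path: <bounces@godaddy.com>
Authentication-Results: mx.example.net; dkim=pass header.d=godaddy.com; spf=pass smtp.mailfrom=godaddy.com
Subject: Security notice

We reset your hosting SSH password.
"""


if __name__ == "__main__":
    for label, raw in (("phishing", PHISHING_MESSAGE), ("genuine", GENUINE_MESSAGE)):
        print(label, check_sender(raw) or ["no problems found"])
```

Note that the display name (the part before the angle brackets) is ignored on purpose: "GoDaddy Support" proves nothing, and lookalike domains such as godaddy.com.evil.example fail the suffix check because only an exact match or a true subdomain of the listed domains passes.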
Prashant is a student of Computer Science and Engineering at NIT Allahabad. He is also a web pentester and cybersecurity analyst. He can be an introvert and a sociable person at the same time; he loves meeting new people and is on a journey to explore himself. He is currently working as a content writer at BLARROW.TECH.
BLARROW is a monolingual, electronic, free-content site that publishes write-ups on online security and technology architecture. It is run collaboratively by content writers who cover a broad range of subjects, and anyone with an internet connection and a desire to learn something new can read the articles. The site also gives away Udemy coupons, App Store games and applications for free, so anyone curious to learn something new can gain broad knowledge without burning a hole in their pocket.