GoDaddy Reports Data Breach: Impacted Customer Data from 1.2 Million Individuals

What’s Going On?

GoDaddy reported the breach to the Securities and Exchange Commission (SEC) on November 17, revealing that suspicious activity in its managed WordPress hosting environment was observed on that date. According to the investigation, an unauthorised third party used a stolen password to gain access to the Managed WordPress environment on September 6 and remained there until November 17, nearly 70 days.

Email addresses and customer numbers linked to WordPress accounts; the original WordPress admin password set at account provisioning; SSH File Transfer Protocol (SFTP) and database usernames and passwords; and SSL private keys for a subset of active customers were all exposed in the breach, according to GoDaddy’s report.

Immediately upon the discovery of the compromise, GoDaddy reset all affected SFTP and database passwords, and is currently providing and installing new SSL certificates for those customers who were affected.

“Please accept our heartfelt apologies for the inconvenience this has caused our clients.” Our provisioning system will be strengthened with extra levels of protection as a result of our lessons learned from this occurrence, according to the statement.


Hackers Could Use Stolen Data in A Variety of Ways:


Customers of GoDaddy may suffer long-term effects as a result of the security compromise. There is a considerable risk of phishing attacks when email addresses are made public.

Criminal hackers might exploit compromised passwords to gain control of WordPress sites, then implant malware or engage in identity theft and fraud operations.

They might even be able to extort money from the owner of a domain name by abusing the stolen SSL private key. Client-server communication might be intercepted, clients could be scammed, and corporate websites could be altered.

What Should Be Done by The Impacted Companies to Minimise the Damage?

Rapid incident response can save a company’s bacon in the event of a breach. Revocation and reissue of compromised digital certificates must be carried out immediately by companies affected by the breach. WordPress administrators should assume they have been compromised and should revoke and reissue all certificates to be on the safe side.

It will take some time for GoDaddy to update all of the new SSL certificates. For this reason, GoDaddy customers should verify that their certificates have been updated and change their SFTP access passwords to new, unique ones made up of digits, letters, and symbols to mitigate current vulnerabilities.

“If you want to keep your certificates and keys secure, you need to have cryptographic agility,” explains Murali Palanisamy, the Chief Solutions Officer for AppViewX.

Using short-lived digital certificates, he says, will reduce the amount of time attackers have to abuse certificates in the event of a breach.

Short-lived certificates have a validity period of 90 days, which can be shortened further to 30 days if necessary, compared with the regular 1-year validity period of standard certificates. If the keys are stolen, attackers will have little time to devise and execute sophisticated assaults because of the short timescale.
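The advice above to verify that certificates have been updated, and the 90-day validity limit for short-lived certificates, can both be checked against a certificate inventory. The following is an added example, not code from GoDaddy or AppViewX; the record layout, hostnames, fingerprints and the year 2021 are assumptions constructed for illustration. It also checks that a reissued certificate uses a new key pair, since a certificate reissued on an exposed private key remains at risk.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_VALIDITY = timedelta(days=90)  # short-lived certificate limit cited in the article


@dataclass(frozen=True)
class CertRecord:
    host: str
    not_before: datetime
    not_after: datetime
    spki_sha256: str  # fingerprint of the certificate's public key


def audit(current, exposed_spki, exposure_end, now):
    """Return {host: [findings]} for certificates still at risk after a key exposure."""
    report = {}
    for cert in current:
        findings = []
        if cert.spki_sha256 in exposed_spki:
            # Reissued or not, a certificate on an exposed key pair is still usable by the thief.
            findings.append("key-not-rotated")
        if cert.not_before <= exposure_end:
            findings.append("issued-before-exposure-ended")
        if cert.not_after - cert.not_before > MAX_VALIDITY:
            findings.append("validity-exceeds-90-days")
        if cert.not_after <= now:
            findings.append("expired")
        if findings:
            report[cert.host] = findings
    return report


def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample data: hostnames and fingerprints are placeholders.
EXPOSED_SPKI = {"aa11", "bb22"}   # keys in use during the exposure window
EXPOSURE_END = _d(2021, 11, 17)   # year is an assumption; the article gives only the day
NOW = _d(2021, 12, 1)
INVENTORY = [
    CertRecord("shop.example", _d(2021, 3, 1), _d(2022, 3, 1), "aa11"),     # never replaced
    CertRecord("blog.example", _d(2021, 11, 20), _d(2022, 2, 18), "bb22"),  # reissued, same key
    CertRecord("mail.example", _d(2021, 11, 21), _d(2022, 2, 19), "cc33"),  # reissued, new key
]

if __name__ == "__main__":
    for host, findings in audit(INVENTORY, EXPOSED_SPKI, EXPOSURE_END, NOW).items():
        print(host, ", ".join(findings))
```

In practice the records would be filled from the served certificates or from whatever certificate inventory the organisation already keeps.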

One of the most essential takeaways from the GoDaddy hack is the value and necessity of automating Certificate Lifecycle Management (CLM). Today’s internet security relies heavily on digital certificates, which serve as identifiers. Data breaches can be prevented if certificates are managed and protected effectively.

PKI teams can quickly and easily revoke and reissue hundreds of thousands of certificates using an automated CLM system. When this process is done manually, hackers have more time to exploit a compromised certificate.

Automated CLM systems also provide enterprises with crypto-agility, a critical capability that helps them quickly move from weak to safer crypto standards in the case of a break-in, in order to limit the damage caused by the breach.

Automated solutions can also be used to develop and implement stringent security policies for certificates and keys, as well as establish role-based access control for the most secure environment possible.


To help companies become more proactive in their approach to corporate security, CLM automation combines the best of operational comfort and security.


Onward and Upward

More than 20 million people use GoDaddy’s services worldwide. The loss of client confidence will be the most costly consequence of GoDaddy’s data leak, given that customers are becoming increasingly cyber-aware and making security-conscious choices.

Identity-based assaults have been steadily increasing in recent months, and the theft of the SSL key is one of the most recent examples. Millions of businesses around the world use SSL certificates to safeguard their digital operations on the internet.

Digital identities are as important as human ones and must be protected as a key concern for enterprises. Using an automated tool can allow you to accomplish more with fewer resources.

Investing in an end-to-end automation solution will provide significant insight into the certificate and encryption key infrastructure, which will help prevent certificate-related events.
