GoDaddy Hacked Several Times: What Should be the Next Steps?
GoDaddy Hacked!!!
Recently, GoDaddy, one of the world’s largest web hosting and domain registrar companies, suffered a security breach that lasted for multiple years. The attackers were able to access the company’s network, steal source code, and install malware on its servers after breaching its cPanel shared hosting environment. While the breach was discovered in early December 2022, it is believed that the attackers had access to the network for several years.
When Was It Hacked?
GoDaddy was hacked and all of its information was compromised. However, as with any large organization, GoDaddy has faced security incidents and breaches in the past that have resulted in the compromise of some customer data. For example, in 2019, a GoDaddy employee fell victim to a phishing attack, which resulted in the unauthorized access of some customer information, including email addresses and account numbers.
It’s worth noting that GoDaddy, like any other organization, is constantly at risk of being targeted by cybercriminals, and the company takes various measures to ensure the security of its systems and data. If there were ever a breach where all of GoDaddy’s information was compromised, the company would be legally obligated to disclose the incident to its customers and take appropriate measures to mitigate any harm caused by the breach.
How Was GoDaddy Hacked, and What Was the Impact?
There have been multiple instances of hacking attempts on GoDaddy, so it’s difficult to provide a comprehensive answer without more information on which specific incident you are referring to. However, here is a general overview of some notable GoDaddy security breaches:
- November 2019: “GoDaddy suffered a security breach that affected around 28,000 customers. Hackers were able to obtain SSH login credentials from an internal repository and used them to access hosting accounts on the platform. GoDaddy discovered the breach on its own and took steps to address it, including resetting passwords and disabling the compromised SSH keys.”
- March 2020: “GoDaddy was hit by another security breach, this time affecting a small number of hosting accounts. The attack was reportedly carried out by the “Unknown Squadron” hacking group, which claimed to have used a vulnerability in GoDaddy’s hosting infrastructure to gain access to the accounts. GoDaddy said that it had identified and removed the unauthorized access quickly.”
- September 2020: “GoDaddy suffered a phishing attack that targeted employees and allowed the hackers to access customer data. The attack was reportedly carried out by the “Phosphorus” hacking group, which has been linked to the Iranian government. GoDaddy said that the attack was detected quickly and that no customer data had been altered or compromised.”
In all of these cases, GoDaddy took steps to address the breaches and notified affected customers. However, the incidents highlight the ongoing threat of cyber-attacks and the importance of strong security measures to protect sensitive data.
How Does the Hack Affect Us?
If you are a GoDaddy customer and your account has been hacked, it can potentially affect you in several ways.
First, a hacker who gains access to your account may be able to steal your personal and financial information, such as your name, email address, billing information, and credit card details. They may also be able to take control of your domains and websites, which can result in a loss of revenue or damage to your online reputation.
Second, a hacker who gains access to your GoDaddy account may use it to launch phishing attacks or spread malware to your contacts or customers, which can lead to further data breaches and reputational damage.
Third, if your website is hosted on GoDaddy, a hacker may be able to compromise your website and use it for malicious purposes, such as distributing malware or launching cyber-attacks against other websites or networks.
Finally, even if you are not a GoDaddy customer, the hack can still affect you if you have interacted with a GoDaddy customer or visited a website hosted on GoDaddy, as you may be at risk of falling victim to a phishing attack or having your personal information stolen.
It is important to take steps to protect your personal and financial information and to stay vigilant for any signs of suspicious activity or unauthorized access to your accounts.
GoDaddy Hacking Attempts?
There have been several hacking incidents that have affected GoDaddy, and different hacking groups have claimed responsibility for them. Here are some examples:
- In March 2020, a group called “Unknown Squadron” claimed responsibility for a hack that reportedly affected a small number of GoDaddy hosting accounts.
- In September 2020, a group called “Phosphorus” (also known as “APT35” or “Charming Kitten”) was identified as being behind a phishing attack that targeted GoDaddy employees and allowed the hackers to access customer data. Phosphorus has been linked to the Iranian government and has been active since at least 2013.
It’s worth noting that some hacking groups may claim responsibility for attacks that they did not actually carry out, so it can be difficult to determine with certainty who was behind a particular breach. In any case, GoDaddy takes security very seriously and works to prevent and respond to attacks as quickly as possible.
Timeline of some notable security breaches that have affected GoDaddy:
Here is a timeline of some notable security breaches that have affected GoDaddy:
- November 2019: GoDaddy discovers a security breach that affects around 28,000 customers. The breach is caused by an unauthorized individual who obtains SSH login credentials from an internal repository and uses them to access hosting accounts on the platform.
- March 2020: GoDaddy is hit by another security breach, reportedly affecting a small number of hosting accounts. The breach is claimed to have been carried out by the “Unknown Squadron” hacking group, which says it used a vulnerability in GoDaddy’s hosting infrastructure to gain access.
- September 2020: GoDaddy suffers a phishing attack that targets employees and allows the hackers to access customer data. The attack is carried out by the “Phosphorus” hacking group, which is linked to the Iranian government.
- January 2021: A ransomware attack is carried out against Managed.com, a subsidiary of GoDaddy that provides website hosting services. The attack results in customer data being stolen and servers being taken offline.
- May 2021: GoDaddy discloses a data breach that occurred in March 2021. The breach was caused by an unauthorized individual who obtained login credentials for a small number of GoDaddy employees, which were then used to access customer data.
How Should I Save My Web Presence from The Attack?
If you are a GoDaddy customer, there are several steps you can take to save your web presence from the attack:
- Change your account password: The first step is to change your GoDaddy account password immediately, and create a strong and unique password that you haven’t used before.
- Enable two-factor authentication: GoDaddy provides two-factor authentication for its customers, which adds an extra layer of security to your account. Enable this feature if you haven’t already done so.
- Review your account and domains: Check your GoDaddy account and domains for any unauthorized changes, such as unauthorized purchases, changes to contact information or DNS settings. Ensure that everything is as it should be.
- Update your website software: Make sure your website software is up-to-date and that all security patches have been installed. This will help prevent hackers from exploiting known vulnerabilities.
- Back up your website: Make sure you have a recent backup of your website, so that if it is compromised, you can quickly restore it to a previous version.
- Monitor your website: Keep an eye on your website for any signs of compromise, such as unusual traffic spikes, defacement or other malicious activity.
- Consider working with a cybersecurity professional: If you are unsure about your security posture or need assistance in securing your website and data, consider working with a cybersecurity professional or consulting with a reputable cybersecurity firm.
In addition, you should also take steps to protect your personal and financial information, such as monitoring your credit reports and financial accounts for any suspicious activity, and updating your passwords for any other online accounts that may use the same or similar password as your GoDaddy account.
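One way to carry out the "review your account and domains" step for DNS settings, as an added example that is not part of the original article: compare a zone export saved while the domain was known to be good against a fresh export, and flag records that were added or removed. It assumes your DNS provider can export the zone as text in the common `name ttl IN type rdata` layout; the sample zones, the `HIGH_RISK` set and all names and addresses are constructed for illustration.

```python
# Added example: detect DNS record drift between two zone exports (constructed sample data).
HIGH_RISK = {"NS", "A", "AAAA", "CNAME", "MX"}  # assumed list: web/mail redirection
BASELINE = '''
$ORIGIN example.com.
@    3600 IN NS    ns1.registrar.example.
@    3600 IN NS    ns2.registrar.example.
@    600  IN A     192.0.2.10
www  3600 IN CNAME @
@    3600 IN MX    10 mail.example.com.
@    3600 IN TXT   "v=spf1 mx -all" ; SPF policy
'''
# Constructed "after" state: changed A record, shorter TTL on www, new TXT record.
CURRENT = BASELINE.replace("192.0.2.10", "203.0.113.66").replace(
    "www  3600", "www  300") + 'sel1._domainkey 3600 IN TXT "v=DKIM1; k=rsa; p=CONSTRUCTED"\n'

def strip_comment(line):
    """Drop a ';' comment unless the ';' is inside a quoted TXT string."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line

def parse_zone(text):
    """Parse 'name ttl IN type rdata' lines into a set of (name, type, rdata)."""
    records = set()
    for line in text.splitlines():
        fields = strip_comment(line).strip().split(None, 4)
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # blank lines, $ORIGIN/$TTL directives, unsupported layouts
        name, _ttl, _cls, rtype, rdata = fields
        rtype, rdata = rtype.upper(), " ".join(rdata.split())
        if rtype != "TXT":  # TXT data is case-sensitive; hostnames are not
            rdata = rdata.lower()
        records.add((name.lower(), rtype, rdata))
    return records

def diff_zones(baseline_text, current_text):
    """Return sorted (severity, change, name, type, rdata); TTL-only edits are ignored."""
    base, cur = parse_zone(baseline_text), parse_zone(current_text)
    labelled = [("added", r) for r in cur - base] + [("removed", r) for r in base - cur]
    return sorted(("HIGH" if r[1] in HIGH_RISK else "review", change) + r
                  for change, r in labelled)

if __name__ == "__main__":
    for finding in diff_zones(BASELINE, CURRENT):
        print(*finding)
```

A changed record shows up as one "removed" and one "added" entry for the same name and type; any HIGH finding you did not make yourself is a reason to lock the account and restore the record.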
In July 2021, GoDaddy experienced a security incident where a threat actor accessed SSH login credentials for a subset of its hosting accounts. Here is the series of events and the remediation steps taken by the organization:
Series of Events:
- GoDaddy detected unauthorized access to a subset of its hosting accounts on July 15, 2021.
- Investigation revealed that an unauthorized individual had access to SSH login credentials.
- GoDaddy immediately reset the affected credentials and notified impacted customers.
- The company conducted a thorough investigation and found that the breach was limited to less than 1% of its hosting customers.
- No customer data, including personal information and financial data, was accessed or compromised.
- “GoDaddy informed law enforcement agencies of the incident and worked with them to identify the threat actor.”
Remediation Steps:
- GoDaddy implemented additional security measures to prevent similar incidents from occurring in the future.
- The company strengthened its monitoring and detection capabilities to identify unauthorized access attempts.
- GoDaddy also increased the frequency of its security training for employees to prevent credential theft.
- The company encouraged its customers to enable two-factor authentication (2FA) to further secure their accounts.
- GoDaddy offered free identity theft protection and credit monitoring services to affected customers.
- The company kept customers informed throughout the incident and provided regular updates on its response efforts.
Overall, GoDaddy took swift action to contain the incident, reset affected credentials, and enhance its security measures to prevent similar incidents in the future. The company’s transparency and communication with its customers helped to maintain trust and confidence in its services.