Password security is an essential line of defense against unwanted visitors. You may use strong passwords and store them in a safe place like a password manager. Still, you have no control when it comes to the way companies secure and protect your personal data, including account passwords.
Then a data breach occurs, and you find out that some companies don’t enforce proper security measures and sometimes don’t even bother to store their customers’ sensitive information safely. And you end up as a potential target for online frauds or cyber-attacks.
We’ve seen this movie before and guarantee we’ll see it again. In this episode, GoDaddy plays the leading role.Let’s dig deeper into the details of web hosting service GoDaddy’s data breach and what you can do to protect your digital data as much as possible.
The Ins and Outs of GoDaddy’s Recent Data Breach
A compromised password is what led to GoDaddy’s data breach. GoDaddy discovered the incident on November 17th and publicly revealed it five days later. Still, the breach occurred a month earlier, on September 6th.
The investigation is still in progress, but what is certain so far is that an unauthorized third-party accessed the company’s WordPress servers. WordFence, a third-party WordPress plugin, uncovered the breach and instantly blocked the compromised account.
The result of the breach is that almost 1.2 million of GoDaddy’s WordPress customers’ sensitive information is now in the wrong hands. The good news is the sensitive information only covers customer numbers and email addresses. The bad news is these email addresses can be later used as targets for phishing attacks. Cybercriminals can unleash malware and collect user credentials and credit card information. Or they can hijack domain names and use them to launch ransomware attacks.
The original WordPress admin password (required during the first installation of WordPress) was also compromised. This means webmasters have to change the “factory” password to keep their websites out of any threats.
Other web hosting brands owned by GoDaddy, like tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, were also affected. It seems these hosting services stored sFTP passwords in plaintext.
This Isn’t the First Security Breach for GoDaddy
GoDaddy went through four more data breaches or similar security incidents until now, including one in 2020 where the same web hosting servers were affected. Following almost the same technique, an unauthorized user grabbed the SSH (Secure Shell remote administration protocol) accounts of over 20,000 customers. The company never clarified if users’ sensitive data was stolen before blocking their accounts.
Before 2020, an attacker breached 28,000 accounts and an AWS (Amazon Web Services) error exposed once again GoDaddy server data.
GoDaddy may be one of cyber-attackers’ favorite targets, but the company may also continually lack strong security controls.
How You Can Secure Your Private Data
Data breaches happen more often than anyone would like, and sadly, you can’t always prevent them. That doesn’t mean you should surrender and accept the situation. You’re the one who can protect your personal data in the best way possible. It all goes down to having just a few online safety habits.
First, you’d want to know if you’ve been involved in any data breach. With CyberGhost ID Guard, check if your email addresses have been compromised; you get a real-time overview of your accounts in one place.
CyberGhost ID Guard has an ongoing monitoring service, alerting you as soon as possible if you’ve been a victim. Additionally, the service allows you to change your password quickly.
Second, carry out tried-and-true security practices like:
*Additional tip: always look for extra security features on every app or online service that you use; some of them include personal access tokens, single sign-on authentication, or the option to access accounts only for specific IP addresses.
Did you have your personal data involved in any recent data breach?
Let me know in the comments section below.