GoDaddy confirms data breach - comments from Netwrix
May 2020 by Netwrix
The world’s largest domain registrar, GoDaddy, with 19 million customers, has disclosed a data breach impacting web hosting account credentials. The security incident took place on October 19, 2019, after the company’s security team discovered suspicious activity on a subset of GoDaddy’s servers. Matt Middleton-Leal, Netwrix’s General Manager EMEA & APAC, has provided the following statement in response:
“The breach is unfortunate for GoDaddy’s 19 million users, but the method of attack is not a surprise. SSH is a classic example of a forgotten type of account that has more privileges than ordinary users. System administrators and developers often choose to use SSH keys to make their lives easier – it’s a simpler way of connecting to systems, and often bypass some corporate controls. Without appropriate security management, these types of hacks will only continue.
“With GoDaddy still continuing to assess the potential impact across its environment after six months, it’s clear that businesses must understand exactly what access routes exist to their data, and not just the obvious ones. Organisations often focus entirely on the biggest areas of risk, such as Windows Domain admin accounts when it comes to monitoring. But SSH is a secret back door for hackers, and as such, needs the same controls. It’s not enough to just monitor usage of data, organisations have to ensure managing the ownership and distribution of data alongside monitoring as a fundamental principle.
“This is the second security incident to be reported for the company in just a few short weeks. It’s somewhat concerning because with the working from home model placing more strain on networks, now is the time cyber security teams need to pay extra attention to unusual spikes in data access, so they can discover a security incident early and prevent data from leaking.”