Dynadot

news GoDaddy discloses recent security breach !

NameSilo

lovely4ever

Established Member
Impact
933


1637594708891.png


1637594753330.png




.
 

Future Sensors

78% of human domainers will be replaced by robots
Impact
8,921
Impact
423
https://www.wordfence.com/blog/2021/11/godaddy-breach-plaintext-passwords/

It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker direct access to password credentials without the need to crack them.

ugh!
 

DN Playbook

Established Member
Impact
1,028
@Joe Styler, @Dan Nicks, do you know if this breach affects only hosting customers or also domain registrants? Also, how was it possible that login credentials were stored either in plaintext or in a format that could be easily reversed into plaintext? I used to be a customer of Media Temple before GD acquired them and they seemed pretty technically and security savvy.
 
Last edited:
Impact
471
Just waiting for a similar explosion of rage from the same people who were furiously bashing Epik for exactly the same thing about a month ago.
Exactly. Is Godaddy doomed? Everyone who uses them (who is that btw?) gonna move their domains and hosting now? Is it going to be some political smearing of the CEO?

Companies get breached, that's the lesson here. You can hope that breaches are handled professionally and that they do their best to secure your account.
 

lock

BrokerDomainer
Impact
6,669
I was sent an email as why i know about it but i just deleted it as i have as many hacks as hot dinners. I spend most of my time now fixing things and trying to get rid of hackers i deleted most of my sites as overwhelmed with work. Getting to a point a one man show isn't worth the effort. My emails etc are in the thousands for data leaks most people wouldn't notice or look.
 
Last edited:

Future Sensors

78% of human domainers will be replaced by robots
Impact
8,921
Tags
data breach notification Watch tag godaddy.com llc Watch tag state of california Watch tag
Last edited:

DN Playbook

Established Member
Impact
1,028
Just waiting for a similar explosion of rage from the same people who were furiously bashing Epik for exactly the same thing about a month ago.

Exactly. Is Godaddy doomed? Everyone who uses them (who is that btw?) gonna move their domains and hosting now? Is it going to be some political smearing of the CEO?

Companies get breached, that's the lesson here. You can hope that breaches are handled professionally and that they do their best to secure your account.
There is still more information to become available. However, there are some key differences here between the breach of Epik and the breach of GoDaddy. Like response time, scope of the breach, fall-out, motivation and goals of the hacker(s), etc. I had a serious breach about 10 years ago, and the hacker(s) placed malicious code on the server to send out spam and collect email addresses. The hackers wanted to keep the hack incognito as this would allow them to exploit the server for as long as possible. This seems to be the case here. It is to GoDaddy's credit that they identified it so soon (it occurred on Nov 17) and responded fairly quickly.
 
Last edited:

VadimK

Top Contributor
Impact
1,804
There is still more information to become available. However, there are some key differences here between the breach of Epik and the breach of GoDaddy. Like response time, scope of the breach, fall-out, motivation and goals of the hacker(s), etc. I had a serious breach about 10 years ago, and the hacker(s) placed malicious code on the server to send out spam and collect email addresses. The hackers wanted to keep the hack incognito as this would allow them to exploit the server for as long as possible. This seems to be the case here. It is to GoDaddy's credit that they identified it so soon (it occurred on Nov 17) and responded fairly quickly.

Oh really? If there are ''more information to become available'' how can you even say that there are ''key differences''?

But did you even read the article, linked in the header? It's clearly said that the first breach happened on Sept 6, and GoDaddy only made it public on Nov 22. Oh yeah, indeed it's different from Epik, who admitted it like the next day, I totally agree...

The rest is just pure speculation - ''the motivation and goals of hackers'' - who gives a shit? What does it has to do with an outcome? Breach is breach, damage is done to both. Should a person holding a portfolio with GoDaddy be more relieved, knowing hackers weren't inspired by GoDaddy top management's political views? Big difference for a domainer, indeed... You shouldn't even change the passwords, when it's GoDaddy, right?
Obviously, it was done to GoDaddy for greater good, but to Epik because of ''...evil Rob Monster!!!...''.
 
Last edited:

Future Sensors

78% of human domainers will be replaced by robots
Impact
8,921
Tags
godaddy annual report 2020 Watch tag godaddy operational risks Watch tag godaddy insurance Watch tag godaddy liability Watch tag
From the GoDaddy Annual Report, 2020

Operational Risks
(page 26 and further)

We are exposed to the risk of system failures and capacity constraints.

We have experienced, and may in the future experience, system failures and outages disrupting the operation of our websites or our products such as web-hosting and email, or the availability of our customer care operations. Our revenue depends in large part on the volume of traffic to our websites, the number of customers whose websites we host on our servers and the availability of our customer care operations. Accordingly, the performance, reliability and availability of our websites and servers for our corporate operations and infrastructure, as well as in the delivery of products to customers, are critical to our reputation and our ability to attract and retain customers. Any such system failure or outage could generate negative publicity, including on social media, which could negatively impact our reputation and financial results. As we continue our transition to AWS to host our products over the next several years, we have become, and will become, more dependent on third parties to accommodate the high volume of traffic to our websites and those of our customers.

We are continually working to expand and enhance our website features, technology and network infrastructure and other technologies to accommodate substantial increases in the volume of traffic on our godaddy.com and affiliated websites, the number of customer websites we host and our overall total customers. We may be unable to project accurately the rate or timing of these increases or to successfully allocate resources to address such increases, which could have a negative impact on customer experience and our financial results. In the future, we may be required to allocate additional resources, including spending substantial amounts, to build, purchase or lease data centers and equipment and upgrade our technology and network infrastructure in order to handle increased customer traffic, as well as increased traffic to customer websites we host. We also expect to increasingly rely on third-party cloud computing and hosting providers such as AWS as we transition to the public cloud. We cannot predict whether we will be able to continue to add network capacity from third-party suppliers or otherwise as we require it. In addition, our network or our suppliers' networks might be unable to achieve or maintain data transmission capacity high enough to process orders or download data effectively or in a timely manner. Our failure, or our suppliers' failure, to achieve or maintain high data transmission capacity could significantly reduce consumer demand for our products. In addition, in response to COVID-19, we closed offices to comply with local "shelter-in-place" orders and moved all of our GoDaddy Guides to work remotely; as a result, their productivity and efficiency has been and may continue to be negatively affected, including their ability to download or process orders at the same rate as before the COVID-19 pandemic and increased risk of systems disruptions. The property and business interruption insurance coverage we carry may be subject to fact-dependent and incident-specific exclusions or may not be adequate to compensate us fully for losses that may occur.

We rely on third parties to perform certain key functions, and their failure to perform those functions could result in the interruption of our operations and systems and could result in significant costs and reputational damage to us.

We rely on third parties, and other parties with which those third parties contract, to perform certain technology, processing, servicing and support functions on our behalf, and may in the future choose to transition a function previously managed by us to such third parties. In particular, we have are in the process of transitioning from company-owned and co-located data centers to third-party cloud computing and hosting providers, including AWS. When we choose to transition a function to a third party, we may spend significant time and effort, incur higher costs than originally expected and experience delays in completing such transition. We may never realize any of the anticipated benefits of relying on such third parties, including acquisition of new customers, improved product features and positive financial results. In addition, these third parties are vulnerable to operational and technological disruptions, including from cyber attacks, which may negatively impact our ability to provide services to our customers, operate our business and fulfill our financial reporting obligations. We may have limited remedies against these third parties in the event of service disruptions. If third parties are unable to perform these functions on our behalf because of service interruptions or extended outages, or because those services are no longer available on commercially reasonable terms, our expenses could increase and our customers' use of our products could be impaired until equivalent services, if available, are identified, obtained and implemented, all of which could adversely affect our business.

A network attack, a security breach or other data security incident could delay or interrupt service to our customers, harm our reputation or subject us to significant liability.

Our operations depend on our ability to protect our network and systems against interruption, a breach of confidentiality, or other damage from unauthorized entry, computer viruses, denial of service attacks and other security threats both within and beyond our control. These threats may arise from human error, fraud, or malice on the part of our employees, insiders, or third parties, or they may result from accidental technological failure. Any of these parties may also attempt to fraudulently induce employees, customers, or other third-party users of our systems to disclose sensitive information, wittingly or unwittingly, in order to gain access to our data or that of our customers or third parties with whom we interact.

We regularly experience distributed denial of service (DDOS) attacks by hackers aimed at disrupting service to our customers and attempts to place illegal or abusive content on our or our customers' websites, and we may be subject to DDOS attacks or content abuse in the future. Our response to such DDOS attacks may be insufficient to protect our network and systems, especially as attacks increase in size and nation-state actors use DDOS attacks against political and economic adversaries. In addition, there has been an increase in the number of malicious software attacks in the technology industry generally, including newer strains of malware, ransomware and cryptocurrency mining software.

Social engineering efforts may compromise our personnel or those of our third-party vendors, leading to unauthorized access to facilities, systems or information we have a responsibility to protect, which could lead to the unauthorized acquisition of information, the unavailability of systems or information or the compromise of customer accounts. Despite efforts to promote security awareness and training for our personnel and vendors, malicious actors are increasingly sophisticated and successful in their use of social engineering techniques. In recent months, we have experienced an increased level of social engineering efforts and several successful social engineering efforts, including by a persistent threat actor, which have, among other things, attempted to transfer customer domain names and targeted domains related to cryptocurrency. We have taken steps and continue to work to enhance our security and resilience against social engineering, requiring additional engineering efforts and modifications to our technology architecture as well as the expenditure of time and additional cost. We cannot guarantee that in all cases our efforts will be successful or that future social engineering incidents will be of similarly minimal impact, and, if successful, such incidents may cause financial and reputational harm.

We cannot guarantee our backup systems, regular data backups, security protocols, network protection mechanisms, cybersecurity awareness training, insider threat program, access controls, and other procedures and measures currently in place, or that may be in place in the future, will be adequate to prevent or remedy network and service interruption, system failure, third-party operating systems and software vulnerabilities, damage to one or more of our systems, data loss, security breaches or other data security incidents. Also, our products are cloud-based, and the amount of data we store for our customers on our servers has been increasing as our business has grown. Despite the implementation of security measures, our infrastructure may be vulnerable to computer viruses, worms, other malicious software programs, social engineering attacks, insider threats, credential theft and related abuse, illegal or abusive content or similar disruptive problems caused by our customers, employees, consultants or other Internet users who attempt to invade or disrupt public and private data networks or to improperly access, use or obtain data.

In addition, the process of transferring customer personal information in connection with the migration of customers from one product to another may result in data loss. Any actual or perceived breach of our security, or any other data security incident, could damage our reputation and brand, expose us to a risk of loss or litigation and possible liability, subject us to regulatory or other government inquiries or investigations, require us to expend significant capital and other resources to alleviate problems caused by the breach and to make required improvements to our systems, and deter customers from using our products, any of which would harm our business, financial condition and operating results. For example, in July 2018 we discovered a third party had accessed certain data of our Domain Factory customers. We have spent significant time and resources responding to the initial incident and continue to respond to subject access requests (SARs) from Domain Factory customers. To date, the Bavarian Data Protection Agency has not rendered its final decision on its investigation of this incident; nor has it issued any fines, but we could be subject to fines in the future related to this incident in an amount we cannot predict at this time. In case of a future incident, a history of past incidents, such as the July 2018 incident, may increase the risk of higher sanctions, or that investigations into past incidents may be re-invigorated. More recently, in March 2020, we discovered a threat actor compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts as well as the login credentials of a small number of our personnel. These hosting login credentials did not provide access to the hosting customers' main GoDaddy account. We have spent resources investigating and responding to this activity, notified the impacted customers, reported the activity to applicable regulatory authorities, and are responding to requests for information.

If the security of the confidential information or personal information we or our vendors or partners maintain, including that of our customers and the visitors to our customers' websites stored in our systems, is breached or otherwise subjected to unauthorized access, our reputation may be harmed and we may be exposed to liability.

Our business involves the storage and transmission of confidential information, including personal information. In addition, as nearly all of our products are cloud-based, the amount of data we store for our customers on our servers (including personal information and other potentially sensitive information), and on servers used by our vendors and partners (such as AWS), has been increasing. We take measures intended to protect the security, integrity and confidentiality of the personal information and other sensitive information, including payment card information, that we collect, store or transmit, but cannot guarantee that inadvertent or unauthorized use or disclosure of such information will not occur or that third parties, including nation-states and bad actors, or our personnel or those of our vendors will not gain unauthorized or other malicious access to this information or systems where personal information is processed despite our preventative efforts or those of our vendors or partners.

If third parties succeed in penetrating our security measures or those of our vendors and partners, or in otherwise accessing or obtaining without authorization the payment card information or other sensitive or confidential information we or our vendors and partners maintain, we could be subject to liability, loss of business, litigation, government investigations or other losses. Hackers or individuals who attempt to breach our security measures or those of our vendors and partners could, if successful, cause the unauthorized disclosure, misuse, or loss of personal information or other confidential information, including payment card information, or malfunctions or interruptions in our networks and services. As we continue to rely more on third-party and public-cloud infrastructure, such as AWS and other third-party service providers, we have become, and will become, more dependent on third-party security measures to protect against unauthorized access, cyber attacks and the mishandling of customer data and we may be required to expend significant time and resources to address any incidents related to the failure of those third-party security measures. Increased handling of personal information and other customer data and confidential information by vendors, partners and other third parties, including through our increased reliance on third-party and public-cloud infrastructure and other third-party service providers, may create increased risks of unauthorized disclosure, misuse or loss of these types of information. We also anticipate being required to expend significant resources in an effort to maintain and improve efforts in our oversight of vendors and other third parties with whom we share data or otherwise process data on our behalf. In addition, our customers may request we produce evidence of our data security program as part of their own compliance programs. Responding to such requests may be costly and time consuming.

If we or our partners experience any breaches or sabotage of our security measures, or otherwise suffer unauthorized use or disclosure of, or access to, personal information or other confidential information, including payment card information, we might be required to expend significant capital and resources to remediate these problems and protect against additional breaches or sabotage. We may not be able to remedy any problems caused by hackers or other similar actors in a timely manner, or at all, due to, among other things, a lack of qualified personnel to handle such problems or the failure of our personnel to follow internal policies and procedures. Because techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not recognized until after they are launched against a target, we and our vendors and partners may be unable to anticipate these techniques or to implement adequate preventative measures on a timely basis. Advances in computer capabilities, discoveries of new weaknesses, increased likelihood of nation-state cyber attacks, and other developments with software generally used by the Internet community, such as the Meltdown and Spectre vulnerabilities, which exploit security flaws in chips manufactured in the last 20 years, the Shellshock vulnerability in the Linux Bash shell, continually evolving ransomware attacks, or developments related to the SolarWinds Orion product incident, also increase the risk that we, or our customers using our servers and services, will suffer a security breach. We or our partners may also suffer security breaches or unauthorized access to personal information and other confidential information, including payment card information, due to employee error, rogue employee activity, unauthorized access by third parties acting with malicious intent or committing an inadvertent mistake, or social engineering. If a breach of our security or other data security incident occurs or is perceived to have occurred, the perception of the effectiveness of our security measures and our reputation could be harmed and we could lose current and potential customers. In this regard, we recently determined that a threat actor distributed a malicious file across our hosting servers. While our terms of service provide that our customers should not use hosting services to process their customers' credit card transactions, we determined that the file resulted in the compromise of a small number of our customers' customers' credit cards. We notified our customers and have engaged with them to offer identity theft monitoring to the affected parties.

Security breaches or other unauthorized access to personal information and other confidential information, including payment card information, could result in claims against us for unauthorized purchases with payment card information, identity theft or other similar fraud claims as well as for other misuses of personal information, including for unauthorized marketing purposes, which could result in a material adverse effect on our business or financial condition. Moreover, these claims could cause us to incur penalties from payment card associations (including those resulting from our failure to adhere to industry data security standards), termination by payment card associations of our ability to accept credit or debit card payments, litigation and adverse publicity, and regulatory or other government inquiries or investigations, any of which could have a material adverse effect on our business and financial condition. Although we maintain cyber liability insurance coverage that may cover certain liabilities in connection with a security breach or other security incident, we cannot be certain our insurance coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on commercially reasonable terms (if at all) or that any insurer will not deny coverage as to any future claim, including if a nation-state is declared the sponsor or perpetrator of such act; for example, following the U.S., U.K., Canadian and Australian governments' attribution of Russia for the NotPetya ransomware attack, Zurich American Insurance Co. denied Mondelez International, Inc.'s claim for damages from that attack, resulting in ongoing litigation between Zurich and Mondelez, which raises broader uncertainty across the cyber insurance market regarding the availability of coverage for nation-state-led cyber attacks. The successful assertion of one or more large claims against us that exceed available insurance coverage, the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, or denials of coverage based on "act of war" or similar exclusions triggered by attribution of an attack to a nation-state, could have a material adverse effect on our business, including our financial condition, results of operations and reputation.

We expect to continue to expend significant resources to protect against security breaches and other data security incidents. The risk that these types of events could seriously harm our business is likely to increase as we expand the number of cloud-based products we offer and operate in more countries.

Full annual report (2020):

https://aboutus.godaddy.net/investor-relations/financials/default.aspx

https://s23.q4cdn.com/406380394/files/doc_financials/2020/ar/GDDY-2020-Annual-Report.pdf
 
Top