“A chain is no stronger than its weakest link.” It’s an idiom we’ve known for ages. No matter how robust the strongest links are, a chain will break at its weakest link. This is more relevant to the cybersecurity world.

The cybersecurity of an organization is only as strong as its weakest security link. Overlooking even the minute aspects of security can inevitably put even the strongest companies at stake.

A recent hack on GoDaddy shines the spotlight on this aspect. A password vulnerability has pushed the world’s leading internet domain registrar and web hosting company into hot water.

A malicious actor leveraged a compromised password to gain illegitimate access to GoDaddy’s Managed WordPress hosting environment. The perpetuator purportedly accessed the provisioning system in the legacy code base for Managed WordPress.

According to GoDaddy, the hacker obtained email addresses and phone numbers of over 1.2 million active and inactive Managed WordPress customers. The data breach also exposed SFTP and database usernames and passwords of the impacted active customers. Moreover, the malicious actor gained access to the SSL private key of a subset of active customers.

At this juncture, one must take cognizance of the fact that the exposure of email addresses provides significant scope for phishing attacks.

Also Read: Microsoft Exchange Hack: Attackers Send Spams as Replies to Existing Email Chains!

However, immediately after discovering the suspicious activity, the company roped in an IT forensic firm and initiated an investigation. It even escalated the incident to the concerned legal authorities.

Fortunately, GoDaddy was proactive enough to oust the perpetrator from its system.

“Upon identifying this incident, we immediately blocked the unauthorized third party from our system,” informed GoDaddy.

“Our investigation is ongoing, but we have determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the customer information.”

In response to the incident, the web hosting company contacted all the impacted customers to recommend necessary steps to regain their control.

“Our investigation is ongoing, and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center (https://www.godaddy.com/help), which includes phone numbers based on country,” said the company.

“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down,” said Demetrius Comes, Chief Information Security Officer of GoDaddy.

“We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” he added.

How One Can Prevent These Attacks?

The GoDaddy security breach apparently sheds light on poor cyber hygiene across the US cyberspace. From the Colonial Pipeline attack to the Kaseya breach to the current WordPress attack, almost every incident starts with a malicious actor exploiting an overlooked vulnerability.

With the ultimate goal to survive and thrive amid the pandemic, many organizations are putting cyber hygiene out of the equation. As they keenly focus on business, cybersecurity vulnerabilities are left unattended. And cybercriminals are firing all cylinders to exploit these vulnerabilities.

Also Read: Robinhood’s Hack Worsens: Threat Actor Pilfers 4,400 Phone Numbers!

It’s pretty obvious that balancing business and security has become a tightrope walk amid the crisis. However, one ought to take due cognizance of severe implications if their organization falls into the crosshairs of cybercriminals. At this juncture, cybersecurity experts like StealthLabs are the need of the hour.

We, at StealthLabs, can help you strike the delicate balance between business and security.  Our security experts shall help instill cyber hygiene across your organization as you focus on business growth.

With a wide range of security service offerings, we help you patch every security vulnerability that can put your business at potential risk. So, join forces with us now to meet the security needs of today and tomorrow.

Contact Us

More News:

• DeFi Firm Cream Finance Suffers Crypto Hack,
• Robinhood Suffers Yet Another Massive Breach
• 80% of Organizations Plan to Adopt Zero-Trust Security Strategy!
• 95% of Ransomware Attacks Target Windows Devices
• Microsoft Blames Russia for Most Cyberattacks
• Microsoft Suffers Yet Another Breach!
• REvil’s Faux Pas Thwarts Massive Ransomware Attack