Should You Still Host Your Domain At Godaddy

Should You Still Host Your Domain At Godaddy: Popular web hosting and domain registrar GoDaddy has fallen victim to a data breach involving around 28,000 customers.

The incident has prompted a torrent of new concerns around the safety of the company’s servers and around web hosting accounts more generally, and brought about new calls for the use of better authentication methods.

GoDaddy, the world’s largest provider of web hosting accounts, boasts an impressive 19 million customers and manages 77 million domains in total.

As a result, a data breach targeting a company of such a magnitude has disastrous potential.

RELATED: Brands Using User Generated Content To Build Trust

While the full extent of the data breach has yet to be fully determined, the company has nonetheless claimed that the affected users have not suffered a significant loss of data.

What we know so far

News of a security incident at GoDaddy first surfaced in an email sent by the company’s CISO and vice president of engineering, Demetrius Comes.

Addressed to the State of California Department of Justice, the email stated that an unauthorized individual had gained access to the login information of web hosting accounts that connect them to the secure shell (SSH).

The data breach incident reportedly took place on October 29 of last year, and went on undetected for six months until April 23, 2020 when GoDaddy employees noticed that a subset of one its servers was displaying suspicious activity.

It later emerged that the credentials of an unknown number of web hosting accounts were compromised, and an internal investigation into the matter has yet to reach a conclusion.

“We have no evidence that any files were added or modified on your account,” wrote Comes in the email. “The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.”

What customers with web hosting accounts should know

GoDaddy has made efforts to assure its customers that, while the breach had indeed compromised millions of web hosting accounts, the damage caused by the attack had been minimal and swiftly brought under control.

Comes, for example, added in his email that GoDaddy had acted quickly and pragmatically to minimize the impact of the data breach. “We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access.

Out of an abundance of caution, we recommend you conduct an audit of your hosting account,” he said.

Comes assured customers that that their “main customer account, and the information stored within your customer account, was not accessible by this threat actor.”

GoDaddy itself released a statement on May 5, in which it confirmed that the number of customers affected stood at approximately 28,000.

“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers,” the company’s statement reads.

“We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers credentials or modified any customer hosting accounts. The individual did not have access to customers main GoDaddy accounts.”

GoDaddy data breach in context

As GoDaddy’s statement indicates, there is so far little that is known about the origin of the data breach affecting web hosting accounts. However, some speculation has circulated as to how the attack might have been launched in the first place.

Back in March, for example, a customer service representative at GoDaddy fell victim to a phishing attack. According to security news website KrebsOnSecurity, the hacker was able to view and edit several customer records—including the domain settings for a number of GoDaddy customers such as, a well-known transaction broker.

As technology reporter Lance Whitney points out, when a data breach typically occurs, it usually takes advantage of some underlying vulnerability or human error in order to gain unauthorized access.

“Savvy cyber-criminals are continually hunting for weaknesses and flaws within an organization’s network,” he writes in TechRepublic. “That’s why businesses must make a concerted effort to maintain and strengthen their security measures, especially when they hold the keys to private customer data.”

This is supported by Anurag Kahol, CTO at cybersecurity solutions firm Bitglass. According to him, the data breach serves to highlight the need for stronger cybersecurity oversight—not only for providers of web hosting accounts, but for organizations in general.

“This security incident impacting GoDaddy customers underscores why organizations need to have full visibility and control over their data,” Kahol said.

“While the web hosting giant confirmed that the breach only affected hosting accounts and not customer accounts or the personal information stored within them, hackers can still leverage the database of login credentials and commit account takeover.”

More specifically, the incident provides an opportunity for more secure methods of authentication to be integrated into providers of web hosting accounts, with the traditional ‘username-password’ combination not being enough to contend with the rate at which cyber-criminality has advanced in recent years.

“As unauthorized parties were able to connect to users’ hosting accounts, it’s clear stronger authentication methods are needed,” asserts Rober Prigge, CEO of Jumio. Prigge points out that GoDaddy, which was a pioneer in internet security during its fledgling years in the 1990s, still has a long way to go in this regard today.

“GoDaddy’s response to reset passwords and provide complimentary web security and malware services is simply not enough,” Prigge adds. “How can GoDaddy ensure these new passwords won’t also result in unauthorized account access once the year ends?”

More from author

Shift Away From Cash And Credit Cards To Digital Wallets

By 2025 digital wallet use will account for just over half (52.5%) of ecommerce transaction value worldwide,...

Amazon And Ebay May Crash On Black Friday And Cyber Monday

TECH bosses have warned of a potential systems crash for e-commerce systems as Black Friday and Cyber...

Phishing Attacks Prevalent On Free Hosting Providers

To stage a phishing site, cybercriminals have several options. They can use a legitimate domain that has...

Google Chrome Will Default To HTTPS On Browser

Google will soon roll out a new version of its Chrome web browser that will automatically load...

Related posts


Latest posts

Entrepreneurs Failure Stories Are Arguably Just As Important As Their Success Stories

Highlighting the benefits of super successful startups that became a unicorn is common in media. Stories of startups becoming unicorns or entrepreneurs making a fortune...

Shift Away From Cash And Credit Cards To Digital Wallets

By 2025 digital wallet use will account for just over half (52.5%) of ecommerce transaction value worldwide, versus 48.6% in 2021, according to the...

How To Start A Drop Shipping Business In Canada?

You should take several steps to launch an e-commerce venture. First, you should find a niche. Next, you should choose a province to headquarter your...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!