On November 22, GoDaddy Chief Information Security Officer Demetrius Comes released a statement that five days prior, on November 17, GoDaddy had discovered suspicious activity in their Managed WordPress hosting environment. Up to 1.2 million customers are exposed and at risk. The compromise has exposed customers' numbers, emails, and passwords.
At least six other web hosts are now affected by the data breach. The six compromised web hosting providers are:
- 123Reg
- Domain Factory
- Heart Internet
- Host Europe
- Media Temple
- tsoHost
How does this affect you?
The breach of GoDaddy and others will lead to more phishing attacks, password leaks, and brute-force attacks. Hackers could use these methods to gain access to your hosted website or DNS, then create malicious links or changes that would affect not only your company, but also your customers' security.
How can you protect yourself?
First, change your passwords to more complex, non-recycled passwords. Users often make the mistake of choosing a memorable password and then reusing it over and over again across multiple accounts. At Vector Choice, we recommend using a secure password vault program of some kind. Examples to look into include LastPass and Password Boss.
Second, enable two-factor authentication for anything that you can. Websites such as GoDaddy and banks offer a second factor of authentication that can help secure your account. This way, even if your password is compromised, the site will still require your second form of authentication before anyone can access your account. This second form often comes with an alert of some type, so you will be notified when someone is attempting to access your account.
Lastly, we recommend a dark web scan of your company's domain to help inform you of risks that may be out there. Frequently conducting phishing tests on your employees and providing continuous web security education are the best way to keep your company safe from attacks, even when one of your vendors becomes compromised. We believe that the more education that your company has, the better. We can work with you and your team to come up with test phishing campaigns and help educate end users to help protect you from malicious attempts and attacks.
If you have any questions or want to learn more, please reach out to our support team so we can further discuss how we can help.