22, GoDaddy Chief Information Security officer Demetrius Comes released
a statement that five days prior on November 17, GoDaddy had discovered suspicious
activity in their Managed WordPress hosting environment. Up to 1.2 million customers
are exposed and at risk. The results of the compromise have exposed customers' numbers,
emails, and passwords.
There are at least six other web hosts that are now affected by the data breach. The six compromised web hosting providers are:
- Domain Factory
- Heart Internet
- Host Europe
- Media Temple
How does this affect you?
The breach of GoDaddy and others will lead to more phishing attacks, password leaks, and brute force attacks. Hackers could use these methods to gain access to your hosted website or DNS, then create malicious links or changes that would affect not only your company, but your customers' security.
How can you protect yourself?
First, change your passwords to a more
complex, non-recycled password. Users often make the mistake of making a
password memorable then use them over and over again across multiple accounts. At
Vector Choice, we recommend using a secured password vault program of some
kind. Examples to look into include LastPass
and Password Boss.
Second, enable Two Factor Authentication for anything that you can. Websites such as GoDaddy and Banks have a second factor of authentication that can help secure your account. This way, even if your password is compromised, they will require your second form of authentication in order to be able to access your account. This second form often comes with an alert of some type so that you will be alerted or notified when someone is attempting to access your account.
Lastly, we recommend a dark web scan of your company's domain to help inform you of risks that may be out there. Frequently conducting phishing tests on your employees and providing continuous web security education is the best way to keep your company safe from attacks, even when one of your vendors becomes compromised. We believe that the more education that your company has, the better. We can work with you and your team to come up with test phishing campaigns and help educate end users to help protect you from malicious attempt and attacks.
If you have any questions or want to learn more, please reach out to our support team you so we can further discuss how we can help.