GoDaddy reported the compromise of 28,000 of its customers' web hosting accounts.
One of its primary domain names is hosted by GoDaddy, which inadvertently gave a malicious actor control of the account and the site.
As a result, the actor was able to manipulate several internal email accounts by altering DNS data. After some time had passed, the hostile actor was able to access document storage and compromise some of their infrastructure.
Unauthorized changes were made to some of the domain registration record settings at GoDaddy, temporarily rerouting the site's email and web traffic.
Although it appears that no emails, passwords, or other sensitive information were obtained, the business advised changing the password and turning on 2FA.
TPRM report: https://scoringcyber.rankiteo.com/company/godaddy
"id": "god2315623",
"linkid": "godaddy",
"type": "Breach",
"date": "11/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': '28,000',
'industry': 'Technology',
'name': 'GoDaddy',
'type': 'Web Hosting Provider'}],
'attack_vector': 'DNS Manipulation, Compromised Accounts',
'data_breach': {'type_of_data_compromised': 'Document Storage, DNS Data'},
'description': "GoDaddy reported the compromising of 28,000 of its customers' "
'web hosting accounts. A malicious actor gained control of a '
'primary domain name and manipulated internal email accounts '
'by altering DNS data. The actor accessed document storage and '
'compromised some of their infrastructure. Unauthorized '
"changes were made to domain registration records' settings at "
"GoDaddy, temporarily rerouting the site's email and web "
'traffic. No emails, passwords, or other sensitive information '
'was obtained, but the business advised changing the password '
'and turning on 2FA security.',
'impact': {'data_compromised': 'Document Storage, DNS Data',
'operational_impact': 'Temporary rerouting of email and web '
'traffic',
'systems_affected': 'Web Hosting Accounts, Internal Email '
'Accounts, Domain Registration Records'},
'initial_access_broker': {'entry_point': 'Compromised Account Credentials'},
'recommendations': ['Change Passwords, Enable 2FA Security'],
'response': {'remediation_measures': ['Password Change, Enable 2FA Security']},
'threat_actor': 'Unknown Malicious Actor',
'title': 'GoDaddy Web Hosting Accounts Compromised',
'type': 'Unauthorized Access, DNS Manipulation',
'vulnerability_exploited': 'Compromised Account Credentials'}