GoDaddy - A Multiyear Breach...

Can you believe we are at it again?

Initially, I assumed that I would only post articles when I had the time (and that appeared to be a "once-a-month" gap); however, looking at the number of breaches we are seeing, I'd say that we would be great at a monthly blog post, since it appears there is always a major story every month 🙈

So what's the deal with GoDaddy? Well... In short, threat actors ran and played "inside" GoDaddy for nearly three years. At first, we assumed that it was just the same group that was responsible for the intrusions detected in March 2020, November 2021, and December 2022.

Although it sounds like different things went wrong each time, it was, in fact, the same group!!

In the most recent breach, GoDaddy found malware installed and parts of its code stolen. It's hard to say from the outside, but it would seem that GoDaddy attempted to remediate the breach and clearly left something behind that allowed the attackers to maintain their ground. It could also be that this group was so focused on GoDaddy as a target that they found another way to get in AGAIN.

Either scenario is possible, but it does mean that GoDaddy was under a concerted, focused effort by a particular group over a period of three years. While we heard about some of these breaches as individual events, we actually are now seeing the big picture. 

If this sounds like something you have already read before, then perhaps you are thinking of our previous post on the LastPass breach.

Similar to LastPass, the threat actors carried out these little breaches here, there and then almost everywhere inside GoDaddy. It was their plan/intention all along!

Since GoDaddy is a public company, they had no choice but to disclose this breach, and that's how we're finding out about it.

I must admit that my better half is a GoDaddy customer for her own website (well, domain name registration only) and she didn't even receive any notification about it. But I need to stress that if you are a fully invested GoDaddy customer, then all your data is fully compromised. We have read up and learnt that private keys were also lost, thus undermining confidence in a platform like GoDaddy...

BUT.... If you take a step back and a moment to think of the recent breaches we have seen, don't you agree that we sort of keep on seeing the same type of activity with other vendors?

I think soon enough this is going to be a common trend!

So how did this occur?

Well, we are busy debating here with several of our editorial staff whether or not we should include the detailed analysis of exactly how this transpired. Some of them argued and questioned "Are we doing the LastPass story again?" 😂

So to settle this debate, we will be leaving it to you, our readers... Let us know in the comments below if you would like one of our team members to spend countless hours digging up and providing us with all this info! You already have my vote +1 😁
