News Insight: The GoDaddy Data Breach
GoDaddy got hacked earlier this week, causing this site to go down for 24 hours.
According to Jim Taylor, Chief Product Officer for trusted identity platform, SecurID (an RSA Business):
“This breach puts GoDaddy users—and ultimately their employees and clients—at greater risk of phishing attacks, account take-over, and brand impersonation. Ultimately the breach means that GoDaddy’s users should put even greater emphasis on authentication and verify a user is who they claim to be.
Phishing, account take-over, and brand impersonation could create major damage to GoDaddy’s users: these attacks could enable hackers to scam customers, damage a brand’s reputation, make changes to their corporate website, expose business to GDPR violations, and more. Moreover, if the leaked GoDaddy credentials are the same or similar to other, third-party services or admin information, then cybercriminals could infiltrate a corporate network or launch a ransomware attack.
While the unauthorized person used a compromised password to get access to GoDaddy’s systems and that it is still not clear if the compromised password was protected with two-factor authentication – broadly speaking, passwords make for terrible security. In 2020, 80% of hacking-related data breaches involved brute force or the use of weak or stolen passwords. Every organization should try to eliminate as many passwords as possible specifically because of the risk that they pose. Moreover, some form of multi-factor authentication should be table stakes for every business
Passwords are difficult for legitimate users to remember and easy for hackers to guess – every business should try to eliminate passwords and go passwordless. At a minimum, every business also needs some form of multi-factor authentication to verify access requests.
In its most recent fraud report, Outseer found that nearly half of all cyberattacks involved some form of brand impersonation. These leaked credentials could accelerate that trend—if a website or service that you’ve done business with in the past seems off, take a moment before handing over your account information or submitting an order. Ultimately, the same security practices apply to individuals as well as businesses: minimize your use of passwords and turn on MFA to make it harder for a hacker to access what they shouldn’t.”