On February 17th, 2023, one of the world’s largest domain registrars, and by extension, third-party to more than 20 million organizations worldwide, GoDaddy, suffered a security breach. Here’s everything you need to know—from how to tell if you’re exposed, to how to respond and mitigate your risk exposure.
What happened… again?
GoDaddy reported that in December 2022, an unauthorized third-party breached theirs shared hosting environment, compromising their cPanel management technology. The attackers then stole source code and installed malware on their servers in what appears to be the latest iteration of a multi-year attack. Let me repeat that: GoDaddy believes this attack has been going on for years and by the same organization.
Who might be impacted?
All customers of GoDaddy – and all customers of those customers – are at risk regardless of the product or services in use. In essence, any organization whose third parties are using GoDaddy as a piece of their infrastructure are also at risk.
How bad is it?
That depends on how your organization – and how your third-parties – utilize GoDaddy.
If you are using GoDaddy as a DNS Provider, email provider or host for WordPress, the impact may be more severe. Access to your DNS records could be used to redirect visitors and customers of your domains to malicious websites. If you are using GoDaddy for email, the attacker(s) may have access to your email accounts. The impact may be especially severe if you’re holding sensitive customer information or PII, and thus subject to various data privacy regulations.
At present, some GoDaddy customers have complained the attackers have redirected their domains to malicious websites.
What should you do right now?
Identify, protect and respond.
Identify
Use a Third-Party Security Risk Management platform like Panorays to confirm whether you or your third-party suppliers are using GoDaddy, and how. If you do not have a third-party security risk vendor, register for a free account today to do a self-assessment and investigate your third-parties and vendors.
Protect
If you are using GoDaddy services, enable multi-factor authentication and rotate your passwords immediately.
Communicate to any of your third-parties you suspect are using GoDaddy services to determine if there were any impact notices on the services they are providing to your organization. If there were, ascertain what actions were taken to mitigate these issues. It’s also a good idea to recommend that they take the same precautions we recommended for you.
Respond
Refer to Panorays’ Third-Party Incident Response Playbook to help you prepare for and respond to incidents like these with your third-parties.
Other than the official SEC Filing, there has been no official comment from GoDaddy, nor any notification sent to its customers at this time.
Panorays can help you verify if you are impacted by this breach. Panorays’ automatically identifies your third-parties, including GoDaddy, as well as their third-parties (your fourth-parties), for example: if they are using GoDaddy. Furthermore, Panorays identifies which of your third-parties pose the highest cybersecurity risk to your organization, and prioritizes collaborative remediation. As always, we recommend vigilance and a proactive approach.
For more information, feel free to Contact Panorays with any questions or a free assessment of your digital supply chain.
