The web hosting service released a statement saying that it had been under attack since November 17, 2021. Its Managed WordPress hosting environment was vulnerable to unauthorized third-party access, which resulted in a catastrophic data breach. The attackers accessed the provisioning system in GoDaddy’s legacy code base using a compromised password.
Once the malicious activity was detected, the unauthorized third party was blocked from the system. An investigation into the incident revealed that the attack had started on September 6, 2021, and had only just been discovered.
GoDaddy also identified a previous attack in May of 2020, in which the data of around 28,000 customers was breached by threat actors.
The leading cause of both the 2020 and 2021 breaches is the implementation of ineffective cyber security standards and policies, or the lack of them. Therefore, the first remedial measures are:
Implementation of strong passwords.
Implementing two-factor authentication.
Changing and modifying the original admin passwords.
Implementing network and system hardening.
Being wary of scam emails and implementing email security.