
GoDaddy Security Breach: How the Hackers Likely Got In

The GoDaddy.com Inc. website makes no mention of the data breach that hit the Web hosting provider, but a picture is coming together on how 445 of its hosting merchant accounts were affected.

News of the breach came when Todd Redfoot, GoDaddy's chief information officer, told a Domain Name Wire reporter last week that the GoDaddy accounts "were accessed by using the account holder's username and password."

Redfoot went on to say the Scottsdale, Ariz., company's security team was still investigating the breach but confirmed it was not an infrastructure breakdown and should not affect additional customers.

Web Hosting Industry News reports the company removed the malicious code, which entered through .htaccess files.

Though the 445 secure socket layer-certified sites represent only a fraction of GoDaddy's client database, customers in online forums expressed concern about their payment information being obtained through the merchant sites, and industry analysts agree there should be concern about any security breach.

Once attackers gain access to a website, they can modify a file used for authentication to inject malicious code, Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs at Trustwave, a Chicago data-security and compliance-service provider, said in an email message.

When a GoDaddy user then visits the site, the code could be executed on the visitor's local computer, Percoco said.

"In this case it seems the malicious code was used to redirect the visitor to other malicious websites," Percoco added.
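For site owners checking their own hosting accounts for this kind of tampering, the following added example (not part of the original article, and not GoDaddy's or Trustwave's code) audits an .htaccess file for redirect directives that point to hosts outside the site's own domain. The article does not show the injected rules, so the sample file, the host names `shop.example` and `landing.invalid`, and the function name `audit_htaccess` are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Apache directives that can send a visitor to another URL.
REDIRECT_RE = re.compile(
    r'^(RewriteRule|Redirect|RedirectMatch|RedirectPermanent|RedirectTemp|ErrorDocument)\b(.*)$',
    re.I)
URL_RE = re.compile(r'https?://[^\s"\']+', re.I)

# Constructed sample: lines 1-4 are ordinary, lines 6 and 7 point off-site.
SAMPLE = """\
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirect 301 /old https://www.shop.example/new
RewriteCond %{REQUEST_METHOD} GET
RewriteRule .* http://landing.invalid/ [R=302,L]
ErrorDocument 404 http://landing.invalid/404
"""

def audit_htaccess(text, own_hosts):
    """Return (line_no, reason, host) for redirects to hosts outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, conditional = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.lower().startswith('rewritecond'):
            conditional = True  # applies to the next RewriteRule
            continue
        m = REDIRECT_RE.match(line)
        for url in URL_RE.findall(m.group(2)) if m else []:
            host = (urlparse(url).hostname or '').lower()
            if not host or '%' in host or '$' in host:
                continue  # server variable or backreference, not a fixed host
            if host not in own and not any(host.endswith('.' + h) for h in own):
                reason = 'conditional external redirect' if conditional else 'external redirect'
                findings.append((no, reason, host))
                break
        conditional = False
    return findings

if __name__ == '__main__':
    for no, reason, host in audit_htaccess(SAMPLE, ['shop.example']):
        print(f'line {no}: {reason} -> {host}')
```

A finding is a prompt for review, not proof of compromise: legitimate redirects to a payment processor or CDN should be added to `own_hosts`.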

Hackers likely obtained the GoDaddy accountholder name and passwords through "targeted phishing attacks," Percoco said.

Hackers can use malicious code to modify how a site accepts and processes credit cards or other payment data, putting that data at risk, Percoco said.

A security breach of any size is significant for businesses and paying customers, said Brian Riley, an analyst and research director for TowerGroup.

"The fact that someone is getting into those sites and violating the data is a big thing," Riley said. "When it comes to protecting credit card data, that is an area that becomes significantly important."


Comments (2)
Thanks for the feedback Todd. David's follow-up story, which is based on your comments, is now live on our site and I've added a link to it along the side of this story in the "Related Links" box.
Posted by dwolfe | Tuesday, September 27 2011 at 9:42AM ET
We need to clarify a misunderstanding in this article about our customers' credit card data. At no time during the incident was any of our customers' personal data exposed or compromised, including their credit card information.

Go Daddy takes its customers' privacy very seriously. We devote substantial resources to ensuring the safety and security of our data and systems. Furthermore, credit card systems and Web hosting systems are not integrated, so even if there had been a compromise in our Web hosting, it would not, and could not, impact credit card account information or any other of our customers' personally identifiable information.

Todd Redfoot
Chief Information Security Officer
Posted by Nick F | Saturday, September 24 2011 at 8:24PM ET