GoDaddy Security Breach: How the Hackers Likely Got In

The GoDaddy.com Inc. website makes no mention of the data breach that hit the Web hosting provider, but a picture is coming together on how 445 of its hosting merchant accounts were affected.

News of the breach came when Todd Redfoot, GoDaddy's chief information officer, told a Domain Name Wire reporter last week that the GoDaddy accounts "were accessed by using the account holder's username and password."

Redfoot went on to say the Scottsdale, Ariz., company's security team was still investigating the breach but confirmed it was not an infrastructure breakdown and should not affect additional customers.

Web Hosting Industry News reports the company removed the malicious code, which entered through .htaccess files.

Though the 445 secure socket layer-certified sites represent only a fraction of GoDaddy's client database, customers in online forums expressed concern about their payment information being obtained through the merchant sites, and industry analysts agree there should be concern about any security breach.

Once attackers gain access to a website, they can modify a file used for authentication to inject malicious code, Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs at Trustwave, a Chicago data-security and compliance-service provider, said in an email message.

When a GoDaddy user then visits the site, the code could be executed on the visitor's local computer, Percoco said.

"In this case it seems the malicious code was used to redirect the visitor to other malicious websites," Percoco added.
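A defender-side check for the kind of change described above, as an added example that is not from the article, GoDaddy or Trustwave: it parses an .htaccess file and reports every redirect target whose host is not one of the site's own. The sample file, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit
# Apache directives that can send a visitor to another URL.
REDIRECTING = {"redirect", "redirectmatch", "redirectpermanent",
               "redirecttemp", "rewriterule", "errordocument"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)

def logical_lines(text):
    """Yield (first_line_no, line), joining backslash continuations, skipping comments."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line, buf = (buf + raw).strip(), ""
        if line and not line.startswith("#"):
            yield start, line
        start = None

def audit_htaccess(text, own_hosts):
    """Return one finding per redirect target whose host is not in own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, conds = [], []
    for n, line in logical_lines(text):
        directive = line.split(None, 1)[0].lower()
        if directive == "rewritecond":
            conds.append(line)          # applies to the next RewriteRule only
            continue
        rule_conds, conds = (conds, []) if directive == "rewriterule" else ([], conds)
        if directive not in REDIRECTING:
            continue
        for url in URL_RE.findall(line):
            host = (urlsplit(url).hostname or "").lower()
            # Hosts built from server variables (%{...}) cannot be resolved statically.
            if host and not host.startswith("%{") and host not in own:
                findings.append({"line": n, "directive": directive,
                                 "host": host, "conditions": rule_conds})
    return findings

# Constructed sample, not taken from the incident; all host names are placeholders.
SAMPLE = """\
RewriteEngine On
RewriteRule ^old/(.*)$ https://www.example.com/new/$1 [R=301,L]
RewriteCond %{REQUEST_URI} \\.html$
RewriteRule ^(.*)$ \\
    http://landing.example.net/in.php?p=$1 [R=302,L]
ErrorDocument 404 https://www.example.com@cdn.example.org/404
"""
if __name__ == "__main__":
    print(audit_htaccess(SAMPLE, {"www.example.com"}))
```

Running it against a known-good copy of each .htaccess file gives a baseline, so a later finding points to a change rather than to existing configuration.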

Hackers likely obtained the GoDaddy account holder names and passwords through "targeted phishing attacks," Percoco said.

Hackers can use malicious code to modify how a site accepts and processes credit cards or other payment data, putting that data at risk, Percoco said.

A security breach of any size is significant for businesses and paying customers, said Brian Riley, an analyst and research director for TowerGroup.

"The fact that someone is getting into those sites and violating the data is a big thing," Riley said. "When it comes to protecting credit card data, that is an area that becomes significantly important."
