GoDaddy Security Breach: How The Hackers Likely Got In

Concerned customers of website domain provider GoDaddy.com Inc. were blazing the blog lines with questions and speculation in the wake of the company’s Sept. 21 announcement that 445 of its hosting merchant accounts experienced a security breach.

News of the breach came when Todd Redfoot, GoDaddy’s chief information officer, told a Domain News reporter that the GoDaddy accounts “were accessed using the accountholder’s username and password.”

Redfoot went on to say the Scottsdale, Ariz.-based GoDaddy security team was still investigating the breach but confirmed it was not an infrastructure breakdown and should not affect additional customers.

The GoDaddy.com website makes no mention of the breach, but Web Hosting Industry News reports the company removed the malicious code, which entered through .htaccess files.

Though the 445 secure socket layer-certified sites represent only a fraction of GoDaddy’s client database, customers in online forums expressed concern about their payment information being obtained through the merchant sites, and industry analysts agree there should be concern about any security breach.

Once an attacker gains access to a website, he can modify a file used for authentication to inject malicious code, Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs at Trustwave, a Chicago-based data-security and compliance-service provider, told PaymentsSource in an email message.

When a GoDaddy user then visits the site, the code could be executed on the visitor’s local computer, Percoco said.

“In this case it seems the malicious code was used to redirect the visitor to other malicious websites,” Percoco added.
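A site owner can check for this kind of tampering by listing every redirect in an .htaccess file that points at a host the site does not own. The following Python sketch is an added example, not code from GoDaddy or Trustwave; the sample file, the host names and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache directives that can send a visitor to another URL (names are case-insensitive).
REDIRECT_DIRECTIVES = {"rewriterule", "redirect", "redirectmatch",
                       "redirectpermanent", "redirecttemp", "errordocument"}
URL_RE = re.compile(r"https?://[^\s\"'<>\[\]]+", re.IGNORECASE)

# Constructed sample .htaccess; hosts use the reserved .example and .invalid names.
SAMPLE = """\
# Constructed sample, not taken from the incident
RewriteEngine On
RewriteCond %{HTTP_HOST} ^shop\\.example$ [NC]
RewriteRule ^(.*)$ https://www.shop.example/$1 [R=301,L]
ErrorDocument 404 /notfound.html
RewriteRule ^(.*)$ http://redirect-target.invalid/in.php?p=$1 \\
    [R=302,L]
"""

def logical_lines(text):
    """Yield (first_line_no, directive), joining backslash continuations, skipping comments."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = n
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, buf.strip()
        buf = ""
    if buf.strip() and not buf.startswith("#"):  # file ended on a continuation
        yield start, buf.strip()

def external_redirects(htaccess_text, own_hosts):
    """Return [(line_no, host, directive)] for redirects to hosts outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for n, line in logical_lines(htaccess_text):
        if line.split()[0].lower() not in REDIRECT_DIRECTIVES:
            continue
        for url in URL_RE.findall(line):
            host = (urlsplit(url).hostname or "").lower()
            if host and host not in own and not host.endswith(tuple("." + o for o in own)):
                findings.append((n, host, line))
    return findings
```

Run against every .htaccess file under the web root, any finding is a directive to review by hand; an empty result does not rule out tampering in other files.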

Percoco believes hackers likely obtained the GoDaddy accountholder names and passwords through “targeted phishing attacks.”

Such attacks are not technically difficult for a hacker to perform when searching websites through a specific provider, Percoco said.

Hackers first seek an email address and then prompt that person to go to GoDaddy.com and use his name and GoDaddy password to confirm or update some information, he said.

Hackers can use malicious code to modify how a site accepts and processes credit cards or other payment data, putting that data at risk, Percoco said.

That GoDaddy has had past security breaches does not necessarily make it an “easy target” for hackers, who could use the same techniques to breach any hosting provider but likely chose GoDaddy because it is one of the largest, Percoco said.

Brian Riley, analyst and research director for TowerGroup, believes a security breach of any size is significant for businesses and paying customers.

“The fact that someone is getting into those sites and violating the data is a big thing,” Riley tells PaymentsSource.

That GoDaddy provides such a wide range of Web services does not preclude it from being more vigilant about data security when it comes to merchant websites, Riley contends.

“When it comes to protecting credit card data, that is an area that becomes significantly important,” Riley says.
