GoDaddy: Hackers stole source code, installed malware in multi-year breach

malcontent · 18 Feb 2023, 01:40 AM

Quote:

Web hosting giant GoDaddy says unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.

While GoDaddy discovered the security breach in early December 2022 following customer reports that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years.

https://www.bleepingcomputer.com/new...i-year-breach/

TenFour · 18 Feb 2023, 04:22 AM

Another reason why the supposed privacy and security of having your own domain for email is a myth.

Quote:

"According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities."

GoDaddy just laid off about 8% of their workforce too. https://aboutus.godaddy.net/newsroom...i/default.aspx

pjroutledge · 18 Feb 2023, 08:09 PM

Wouldn't the main reason for having your own domain be portability?

TenFour · 18 Feb 2023, 08:16 PM

Sure, portability is one benefit, but a lot of folks seem to think they are gaining security and privacy when they use domain email. Instead you have another provider in a string of services that has to be secure. Every additional service you depend on adds more penetration points for bad actors. No matter how much you trust the email service your security depends on the weakest link, which may be the domain registrar.

malcontent · 18 Feb 2023, 08:23 PM

When it comes to security (not privacy) the only domain register that would be the most secure (my opinion) would be 'Google Domains'. Google has the resources, infrastructure and expertise.

hadaso · 19 Feb 2023, 05:14 AM

Quote:

Originally Posted by malcontent

... Google has the resources, infrastructure and expertise.

But does Google care? Every day many Gmail accounts are breached. Doesn't Google have the resource, infrastructure and expertise to prevent it?

google/com is not registered using Google domains. It seems that google.com, and also microsoft.com, ebay.com, amazon.com, wikipedia.org, mozilla.org and probably many others are registered with Markmonitor.

Meta seems to use their own domain registration service (RegistrarSafe).

TenFour · 19 Feb 2023, 05:18 AM

I would venture to guess that most if not all Google accounts breached were due to phishing or malware. Has there ever been a reported breach of Google infrastructure that resulted in individuals being hacked?

malcontent · 19 Feb 2023, 05:55 AM

Yeah, those compromised gmail accounts are a result of users falling for social engineering scams or being infected by malware that steals their credentials. I've never read or heard that any of them were caused because Google was hacked or compromised themselves.

malcontent · 27 Feb 2023, 08:13 PM

Quote:

In a filing with the U.S. Securities and Exchange Commission (SEC), GoDaddy said it determined that the same “sophisticated threat actor group” was responsible for three separate intrusions

When Low-Tech Hacks Cause High-Impact Breaches

18 Feb 2023, 08:09 PM	#3
pjroutledge Senior Member Join Date: Jan 2010 Location: Melbourne, Oz Posts: 133	Wouldn't the main reason for having your own domain be portability?

18 Feb 2023, 08:16 PM	#4
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,742	Sure, portability is one benefit, but a lot of folks seem to think they are gaining security and privacy when they use domain email. Instead you have another provider in a string of services that has to be secure. Every additional service you depend on adds more penetration points for bad actors. No matter how much you trust the email service your security depends on the weakest link, which may be the domain registrar.

18 Feb 2023, 08:23 PM	#5
malcontent Essential Contributor Join Date: Oct 2008 Posts: 275	When it comes to security (not privacy) the only domain register that would be the most secure (my opinion) would be 'Google Domains'. Google has the resources, infrastructure and expertise.

19 Feb 2023, 05:18 AM	#7
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,742	I would venture to guess that most if not all Google accounts breached were due to phishing or malware. Has there ever been a reported breach of Google infrastructure that resulted in individuals being hacked?

19 Feb 2023, 05:55 AM	#8
malcontent Essential Contributor Join Date: Oct 2008 Posts: 275	Yeah, those compromised gmail accounts are a result of users falling for social engineering scams or being infected by malware that steals their credentials. I've never read or heard that any of them were caused because Google was hacked or compromised themselves.