“It is astonishing that GoDaddy was unable to detect unauthorised access to SSH account credentials for about eight months,” says LogRhythm Labs chief information security officer and vice president James Carder.
“With this particular incident, there are further unknowns such as whether sensitive files were exfiltrated from the accounts, and exactly how many accounts from GoDaddy’s hosting environment were compromised.”
Carder says the breach sheds light on an increasingly pressing issue – that many large enterprises still lack a comprehensive approach to detecting and combating threats.
“It is easy to assume that GoDaddy, as the world’s largest domain registrar, would have proper security in place to prevent, detect, and respond to these types of threats,” says Carder.
“GoDaddy should have had stricter SSH security measures in place rather than just a simple username and password.”