GoDaddy Domain Factory Hacked—Update your Passwords
GoDaddy Domain Factory one of the largest Web-Hosting company in Germany is now became the victim of Data Breach which was found a week ago that influences clients severely.
Initially this Data Breach happened in last January this year and just exposed on last Tuesday when an obscure attacker himself posted a Data Breach note on the GoDaddy Domain Factory support forum that they now gain full access to Customer Database.
According to Heise, the attacker attacks the organization servers to acquire the information of one of its clients who evidently owes him a seven-figure sum.
Not only this the vulnerability which the attacker used to broke down the GoDaddy server is also reported to DomainFactory however the Web-Hosting provider did not react, and neither uncovered the Data Breach to its clients.
Sample data of few customer was uploaded by attackers on Company’s support forum as a proof, in response to which the Domain Factory immediately delete that post and started the investigation to sort out this.
Data which the Attacker can access
GoDaddy Domain Factory at last affirmed that following individual information has been endangered.
- Client name
- Organization name
- Client account ID
- Physical address
- Email addresses
- Phone number
- DomainFactory Password
- Date of birth
- Bank name and Account number
- Schufa score (German financial assessment)
All things considered, that is a mess of data, which can be utilized by Cyber-Criminals to target Social engineering assaults against the clients.
The organization said that, “We have told the information security specialist and dispatched outside specialists with the examination. The insurance of the information of our clients is central, and we lament the burden this incident causes, in particular”.
Change All of Your Passwords
GoDaddy Domain Factory is currently encouraging its clients to change passwords for the greater part of the accompanying administrations and applications “as a precautionay step,” and furthermore change passwords for other online administrations where you used the same password.
- Client secret key
- Telephone secret key
- Email passwords
- FTP/Live Disk Passwords
- SSH passwords
- MySQL database passwords
Since the compromised information can be utilized for data fraud and to make direct debit for clients’ financial balance, clients are additionally prescribed to keep eye on their bank statement for any unapproved exchange.
So far it is hazy how the attacker got into the GoDaddy Domain factory servers, yet the German distribution said the attacker did not give an impression of spilling the information on the web.