Management Assistance Program

GoDaddy Says a Multi-Year Breach Hijacked Customer Websites and Accounts

Another major security breach has made the news. Ars Technica reports that GoDaddy says a multi-year breach hijacked customer websites and accounts. The report notes the “most recent event occurred last December when the threat actor gained access to the cPanel hosting servers customers use to manage websites hosted by GoDaddy.” The threat actor then installed malware on the servers that “intermittently redirected random customer websites to malicious sites.”

First, if you have a GoDaddy account or your site is managed by GoDaddy’s Managed WordPress service, it is time to consider changing your passwords. Changing a password on these services first involves checking whether a password change will disable some other linked function.

Second, if you have a website developer or contractor who updates your site frequently, then it may be appropriate that they retain your password. But the law firm needs to have a record of the password as well. An independent contractor who does a web project should understand that the firm will change the password upon completion. It is simple to share again (not by email) if more work is required.

GoDaddy is a web hosting service that also does domain name registration. They notify you when your domain name needs to be renewed. Despite the recent problem, that is still appropriate. But if you are working with a smaller company that registers your domain name, it is best to have the law firm’s email and other information designated for domain name renewal notices. You don’t want to be the firm that learns it forgot to renew its domain name registration when someone else is now using it.