1.2 Million GoDaddy Users Hit By Managed WordPress Hack

GoDaddy Breach, Hackers, Hacking, Ophtek, Password Security, strong passwords, , , , ,
07
Dec 2021

Web hosting is an integral part of how the modern internet works, but what happens when a provider finds themselves the victim of a hack?

GoDaddy is one of the most popular web hosting providers in the world with an estimated customer base of over 20 million users. Through GoDaddy it’s possible to use their Managed WordPress service to build and host WordPress websites. And, with around 64 million websites currently being powered by WordPress, it’s clear to see why GoDaddy has focused on this platform. Online popularity, however, will always put you in the targets of hackers. A recent breach of GoDaddy’s Managed WordPress service has demonstrated this by hitting 1.2 million of their customers.

How Did GoDaddy Get Hacked?

GoDaddy’s Managed WordPress environment contains huge amounts of data. Not only is there access to the source code for hosted websites, but customer’s personal data is also stored there e.g. email addresses, login credentials and site security certificates. These are data sources which have the potential to cause widespread digital devastation. Email addresses can be used to power phishing campaigns, login credentials give hackers the ability to hijack websites and manipulating security certificates can result in malware being downloaded to unsuspecting victims. But how exactly did one of the world’s most powerful web hosting providers get hacked?

The attack appears to have started in early September 2021 and stemmed from a password becoming compromised. The password in question allowed a third party to gain unauthorized access to GoDaddy’s Managed WordPress system. From here, the hackers were able to harvest the previously mentioned data. Unfortunately, for GoDaddy’s customers, it appears that the passwords being stored for Secure File Transfer Protocol were not encrypted and were available in plaintext. Naturally, this made it much easier for hackers to harvest even more data more quickly. And, worst of all, the attack was not picked up for over two months.

Preventing Similar Breaches in the Future

After discovering the hack, due to suspicious activity being detected on their servers, GoDaddy have moved swiftly to limit the damage. All affected login credentials have been reset and GoDaddy are currently issuing new site security certificates. However, the nature of this breach is a damning indictment of GoDaddy’s security measures. Passwords should be secure. The best ways to prevent such breaches taking place are:

  • Strong Passwords: A strong password is one that is judged difficult to guess. The best way to achieve this is by using a mixture of uppercase characters, lowercase characters, numerical characters and symbols. Mixing these different elements together minimizes the odds of a hacker guessing lucky. Additionally, don’t go for obvious password choices such as your name or your date of birth.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Database of 26 Million Stolen Passwords Discovered

Cyber Security, Data Security, Ophtek, Password Security, Two Factor Authentication, Updates, , , ,
22
Jun 2021

Passwords are one of the most common security measures, but they’re still considered a risk. And 26 million stolen passwords have just been found.

We all use passwords on a regular basis throughout our working day. Logging on to remote servers and online platforms all require a set of login credentials. And, on the whole, they provide an adequate level of security. But security which is considered only adequate will always remain a tempting prospect to hackers. Login credentials will typically consist of only two pieces of information: username and password. Naturally, with only two data values required – which can be entered from any keyboard – login credentials represent some major security concerns.

That’s why the discovery of this database, containing 26 million sources of information, is considered a major alert.

What’s in the Database?

Coming in at a huge 1.2TB, the database – which was discovered by NordLocker – contains the following:

  • 26 million login credentials
  • 2 billion browser cookies
  • 1.1 million email addresses
  • 6.6 million various files including Word, PDF and image files

These numbers are, of course, huge. And it’s a safe bet that some serious data has been compromised along the way. It has also been revealed that the malware made a point of creating an image file by taking a screenshot via active webcams on infected devices. This, again, is troubling as it underlines the danger contained within the malware for compromising personal data.

The actual malware behind these data harvests is currently unknown. It is believed, however, that its method of attack is fairly standard. Upon infection, the malware will connect to a remote server where it can transmit any stolen data. The compromised data, as NordLocker found, was being hosted on a cloud-based hosting service and has now been taken down. But it’s likely that this database has already been traded and is out in the digital wild.

How Do You Protect Yourself?

Attacks such as this are sadly commonplace in the modern age, but there is a lot that you can do to protect your organization’s data:

  • Use Two-Factor Authentication: The combination of a username and password may seem strong, but it can be made even stronger by two-factor authentication. This additional layer of security requires the use of a unique piece of data transmitted to a device separate from your IT network.
  • Install All Updates: The attack in question could easily have been caused by a vulnerability put in place by outdated technology. Both software and hardware require regular updates to patch any issues that may be discovered post-launch. And it’s your responsibility to install these as soon as possible to close any potential back door attacks.
  • Regularly Monitor Network Activity: If significant amounts of data are being stolen and transmitted to a remote server, this activity will be associated with a rise in outgoing network activity. Therefore, it pays to keep a close eye on any spikes in traffic to minimize the impact of any breach.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Google’s Password Checkup Aims to Secure Your Passwords

Ophtek, Password Security, Passwork Checkup, Security, , , , , ,
01
Dec 2020

Passwords are crucial in IT security and will remain relevant for the near future. But Google’s Password Checkup shows there’s always room for improvement. 

We all have a long list of passwords that we use to access various IT apps and services. They’re perhaps the simplest, but most effective step you can take in thwarting hackers. Without a password it’s almost impossible to gain unauthorized access to an IT system. That’s why social engineering and phishing emails have become so popular with hackers. And one of the major problems with passwords is that computer users have a tendency to recycle the same passwords for different IT systems.  

Passwords, therefore, have a number of flaws. Thankfully, Google have designed the Password Checkup app to verify the security of your passwords. 

What is Password Checkup?  

It’s difficult to keep up to date with the sheer number of passwords we use on a daily basis. The simplest way to combat this is to write all your passwords down, but this is one of the biggest password mistakes you can make. Now, instead of writing these passwords down, you can store them in your Chrome browser. As long as you’re running a Google account which is synced to your Chrome browser, you will be able to securely store your passwords. Naturally, this is useful for auto-complete password functions – although even this is risky – but the functionality doesn’t stop here. 

The most exciting and useful feature of Password Checkup is that it will automatically tell you if your login details have been breached. A sophisticated and clever password manager, Password Checkup is linked to a database containing in excess of four billion login credentials. These username/password combinations have all, at some point, been leaked online in large scale hacks. This could potentially mean that, for example, your existing Gmail credentials are visible online for anyone to see. With Password Checkup on your side, however, you will receive an alert in your Chrome browser that your login details have been breached. 

And, going back to the fact that many of us recycle our passwords, these Password Checkup alerts serve as a nudge to use unique passwords. After all, if a hacker knows that you have used the password “abc123” on your Gmail account, there’s every chance you may have used the same password on your Facebook account. Anything that reduces the time taken to breach an account is a win for hackers and you need to minimize this wherever possible. 

How to Use Password Checkup 

Password Checkup originally started as a standalone Chrome add-on and this continued to work until September 2020. The reason for retiring this add-on was down to Google deciding to build Password Checkup into the Chrome browser as an integral component. Therefore, the only way to access the Password Checkup service now is by using an up to date version of Chrome. You must, of course, sign into your Chrome browser with a Google account in order for your details to sync. Ultimately, using Password Checkup will make your online experience safer and securer. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

Making Your Passwords Stronger with Password Checkup

Hacking, Ophtek, Password Security, Security Threats, ,
07
Jan 2020

Passwords are the single most important safety tool at your disposal. But passwords need to be strong. And creating strong passwords is far from easy.

Thankfully, Google has solved this problem for us. All you need to do is get on board with their new service: Password Checkup. Not sure what Password Checkup is? Well, as luck would have it, we’ve put together a quick guide for you.

The Problems with Passwords

There are certain passwords which are used time and time again. And not just by individuals. We’re talking millions of people all over the world using similar passwords. These includes all the old favorites such as Password123, abc123 and Passw0rd. Sure, these are easy to remember. But their ubiquity means that they represent a major security risk.

Modern security techniques, of course, have negated the impact of weak passwords, but only marginally. Two-factor authentication, for example, puts an extra barrier behind passwords. But this is not there to be treated as a security option to fall back on. That’s why you need to start with a strong password and work from there.

But the sheer number of sites and applications we log in to in the 21st century is mind-boggling. Memorizing all of these passwords requires some serious memory skills. The quickest solution to this problem is to write them all down. But, that’s right, you’ve guessed it. Writing down passwords is yet another security threat.

Password Checkup is the Solution

Google, the great innovator of technology, has decided to simplify and improve the password process. And the result is Password Checkup.

Google Chrome and individual Google accounts have long had a built in password manager. This has allowed users to not only generate passwords, but also store them securely. Users, therefore, have been able to browse online securely and access all their services with ease. But this isn’t enough for Google. They want to push the concept a little further.

And this is where the Password Checkup extension comes in. Available from the Chrome web store, all it takes is a simple install process to activate Password Checkup for Chrome. But what does it do? Well, its main objectives are:

  • Identifying whether your username/password combination has been exposed. Breaches of third-party databases are rife. But, thanks to the data at its disposal, Password Checkup can advise you of this and prompt a change of password.
  • To analyze your existing passwords and recommend strengthening them if required. Your passwords may be securely stored in Chrome, but this doesn’t mean they can’t benefit from strengthening further.

The Password Checkup extension isn’t the only method in which you can use the service. You can also log on at passwords.google.com to manage and analyze your stored passwords.

Stay Safe with Password Checkup

All it takes is for one password to be breached to cause untold damage. But Password Checkup helps to nullify this threat. Thanks to its clever technology, Password Checkup keeps you on top of weak and exposed passwords. This knowledge allows you to act quickly and effectively to secure your passwords. And, with Password Checkup soon to be an integral feature of Chrome, the future looks bright and secure.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Best Security Settings for a Business Router

business router, Ophtek, Password Security, Security, Security Threats, , , ,
19
Nov 2019

A business router can help support your entire workforce and customer base, so keeping it secure is crucial. But how do you make sure it’s extra safe?

Small to medium businesses need computer networks to stay connected. They can be used to share resources, engage with customers and store valuable data. And a business router represents one of the simplest and most effective ways to achieve this. But the benefits associated with routers are also highly attractive to hackers. Therefore, keeping ahead of these hackers and securing your router should be a paramount concern.

The good news is that protecting your router isn’t rocket science. And, to help you get started, we’re going to show you the best security settings for a business router.

The Best Settings for Staying Secure

There are many ways to secure your router with some being simple and some being considerably more complex. Thankfully, to protect you from any technical headaches, we’re going to look at the simplest, but most effective settings:

  • Use Unique Passwords: Most routers come with a default password and this poses a major security risk to your router. If an external party discovers the model of router your organization is using then they are one step closer to cracking your password. But it doesn’t have to be this dangerous. Instead, you can set a unique password which is close to impossible to crack. 
  • Change Your Network Name: It’s common for routers to use a default network name such as NetgearWiFi and, while this may seem of little significance, it’s yet another way in which hackers can gather details about your router. So, for example, if a vulnerability emerges that affects Netgear routers then a hacker would know how to strike your router. To reduce this risk you should change your network name to something that contains no identifying data. 
  • Analyze Event Logs: By switching on the ‘event logging’ feature within your router you can start analyzing any changes that are made to your router. Logs are routinely saved which will highlight any unusual configuration changes or activity going through your router. And, with this data to hand, you can get a clearer idea of whether any unauthorized access to your router has taken place. 
  • Limit Access: There are going to be very few people who need to access your business router. After all, the majority of your staff will be able to complete their daily IT tasks without needing access. And the less people that have access the better. The only people who need direct access should be your in-house IT team, so make sure that your router is correctly configured to facilitate this.

Final Thoughts

There are a number of ways that you can protect your business router and, as you can see, they are simple, but effective techniques. Even the smallest level of protection is enough to deter hackers, so if you can implement these methods then you should find that your router is safer than ever.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3 4 6