Side Income Journal

GoDaddy Breached and how to keep yourself safe


So, I bought my first domain on GoDaddy in 2015. I was using WordPress on my first blog and GoDaddy was offering a good discount on managed WordPress hosting.

Managed WordPress hosting is different from normal hosting. In normal hosting, you are responsible for everything on your site, e.g. updating WordPress, automatic daily backups, server-level caching, etc. With managed hosting, the provider handles all of these administrative tasks and you can focus on publishing.

When I was starting blogging, I was not sure what platform to use, and since I bought the domain on GoDaddy, I got a discount coupon and I bought a 5-year plan!!

Everyone makes mistakes, right? Who buys hosting for 5 years?

The website got traffic and I had to move it to a different hosting provider after 1 year. I wanted to have access to everything. Also, they had some limits on the maximum amount of monthly traffic.

It expired last year and I deleted the managed hosting. Fast forward to Nov-2021, I received the following mail from GoDaddy:


Dear Kaush,

We are writing to inform you of a security incident impacting our GoDaddy Managed WordPress environment you once purchased and used. According to our records your Managed WordPress account is no longer active.

On November 17, we identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and have contacted law enforcement. Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to your customer number, email address associated with your previously used Managed WordPress account; and the password you first used when setting up your WordPress Admin login.

If you use that same password for other accounts, we recommend you change your password to those accounts and adopt data security best practices, such as choosing a strong unique password, regularly changing it, and enabling multi-factor authentication where available. We also recommend that you remain vigilant for potentially fraudulent communications sent to your email address purporting to be from GoDaddy or other third parties.

For residents living in California, Colorado, Delaware, Illinois, New York, New Jersey, Oregon, Vermont, Washington, and Wyoming, please visit https://www.godaddy.com/help/a-41004 for additional resources that describe additional steps you can take to help protect your information, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.


What? I deleted the account and you are saying that someone stole the password? So, GoDaddy kept the passwords even after someone deleted the site? That was a password for the WordPress site and it should be deleted if I deleted the site, right?

I forgot what password I used back then; I don’t have a record. Maybe I used a common password that I use frequently on other sites. That means I have to reset the passwords on all other sites that are using this password. Great!

Don’t use the same password on multiple sites:

I am repeating this again. Please use a different password for everything you use on the internet. Especially, don’t reuse the password you are using for your bank account. Also, use a separate password manager application to store your passwords, because if you store them in Google Chrome or any other browser and your account is hacked, you will lose everything.

Use two-factor authentication:

Two-factor authentication adds an additional layer. For example, you can register your phone number to receive an OTP (one-time password). Without that OTP, no one can log in even if they know your password. There are different ways to enable two-factor authentication; for example, you scan a QR code using an app like Authy, and the app keeps generating a different code each minute. Without knowing that code, nobody can access your account.

I would highly recommend that you use two-factor authentication wherever possible.

Use more than one email:

Always use more than one email address. Use the secondary one to log in to any site you want, and use the primary email on all important sites. Also, use two-factor authentication for both. If you use Gmail, it provides two-factor authentication.

Don’t click on unknown email links:

Don’t click on unknown email links. A link might steal your data, or it may download harmful software or a virus to your system that shows ads or leaks your passwords.

Top 3 best password managers to use:

Overall, if you use different passwords on different websites, even if your data gets leaked, your other accounts will be safe. Another advantage of password managers is that you can keep secure notes, i.e. notes that are encrypted and password protected.

Many of these password managers are available on different platforms, so you can use them on your phone or on your laptop. You don’t have to remember the passwords for all of the websites you have accounts on.

I am listing the 3 best password managers, which I have personally tried. You can go with any of these, and if you are using something else to keep your passwords, please don’t hesitate to drop a comment below.

1. Bitwarden:

Bitwarden is the best free option available. I use this to manage my passwords and other secure notes. It is available as a desktop app, a browser extension and also as Android and iOS apps. In the free version, you get unlimited password storage and a sync option. It also provides a secure password generator that you can use to generate passwords.

The free plan includes unlimited password storage, syncing across devices, credit card storage, secure notes, storing passwords offline and two-factor authentication.

Bitwarden is open source. Its source code is available for anyone to inspect, test and make changes. If you know programming, you can even use your own password storage server with it.

Bitwarden has a premium plan. They have different plans for personal and business.

You can move to any of these premium plans if you want. This page has all the pricing structure.

2. 1Password:

1Password was started in 2005. It offers applications for different platforms like Windows, Android, iOS etc., and it also has extensions for different browsers.

It is a paid password manager. You can go for a 30-day free trial before you move to the paid plans.

1Password is one of the best managers for families. The family plan allows you to share passwords and data with other family members, set different permissions for each family member, etc.

It provides additional features like travel mode, which lets you delete sensitive data from your phone before you travel and restore it later. It also scans the web for potential security breaches and alerts you if it finds any website that you used before.

3. Dashlane:

Dashlane is a French-based company started in 2009. It is a paid password manager, but they provide a free plan with limited functionality.

They have a good record, with no security breach in the last 10+ years. The paid plan provides a lot of options like security alerts, VPN and Wi-Fi protection, secure notes, encrypted file storage, a password health checker, a password generator, an automatic password changer, etc.

The premium plan starts at $3.99 per month. You can check this link to know about all of these plans.

Conclusion:

You can go with any of these password managers. But make sure to always use a password manager and a different password for each site. I don’t recommend using browser-based password managers like the Google Chrome password manager or those of any other browser, because these are linked to your email account, and if your email is hacked, you will lose everything. Also, you can’t move to any other browser without exporting and importing all passwords to the new one.


Written by Kaush who loves to write side income ideas and other productive tips.

© 2022, sideincomejournal