This Week in Data Breaches: 28,000 Hosting Accounts Compromised in GoDaddy Data Breach
Welcome to this week’s round-up of the latest data breaches, leaks, and privacy intrusions. This week: 28,000 accounts compromised in a data breach at GoDaddy, 10.88 billion records exposed in a leak at an adult cam site, and a third data breach at Chegg.
28,000 Hosting Accounts Compromised in GoDaddy Data Breach
On Tuesday, GoDaddy, the world’s largest domain registrar with nearly 19 million customers, disclosed a data breach that compromised 28,000 customers’ web hosting account credentials. Hackers gained unauthorized access to GoDaddy’s servers in October 2019 but the company didn’t discover the breach until April.
In a notification email sent to affected customers, GoDaddy said, “The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account.”
According to GoDaddy, only hosting accounts were affected. The company reset passwords for hosting accounts after discovering the intrusion and recommended that customers review their hosting accounts for any unauthorized changes. GoDaddy told BleepingComputer that the breach impacted 28,000 hosting customers.
This isn’t the first time that GoDaddy has had a major security incident. Last April, hundreds of compromised GoDaddy accounts were used to create 1,500 subdomains setup to run a range of scams.
Employee Data Stolen in Chegg Hack
For the third time in just as many years, Chegg has been hit by a data breach. Hackers stole the records of nearly half of Chegg’s workforce, some 700 of more than 1400 employees. The records included employees’ names and Social Security numbers. Chegg is an education technology company based out of California that provides services to students such as textbook rentals and study materials.
Chegg doesn't have a particularly sterling track record when it comes to cybersecurity. In 2018, the company was hit by a major data breach that compromised the accounts of 40 million users. Usernames, addresses, and hashed passwords were all stolen in the breach. Then, in 2019, just days after the company acquired Thinkful, it disclosed that an unauthorized party had gained access to Thinkful company credentials.
Chegg is currently facing a lawsuit for the 2018 data breach, which is now headed to arbitration. The company hasn't provided any more information on the latest breach beyond saying that it is working with law enforcement and a third-party forensics firm to investigate the incident.
10.88 Billion Records Exposed by Adult Cam Site
Earlier this week, CAM4, a popular adult cam site, said that it had accidentally exposed a startling 10.88 billion records on a publicly accessible server. In total, the records amounted to 7 terabytes worth of names, payment details, and email and chat transcripts.
As has become commonplace, the exposure was the result of a misconfigured Elasticsearch production database that was left unprotected and accessible to anyone who happened upon it. Security researchers alerted CAM4 and the database was quickly taken offline. There is no evidence that anyone improperly accessed the database.
"The team concluded without any doubt that absolutely no personally identifiable information, including names, addresses, emails, IP addresses or financial data, was improperly accessed by anyone outside the SafetyDetectives firm and CAM4’s company investigators,” CAM4 said in a statement to Wired.
According to the company that manages the CAM4 server, the database only contained the payment information of 93 customers and performers. The researchers who discovered the exposure said that it was more likely a few hundred. They estimate that, in total, 26 million users were part of the leak.
Make sure to check out our in-depth security and privacy guides:
- How to Protect Your Phone
- How to Protect Your Identity
- How to Protect Your Privacy
- The Ultimate Guide to Data Breaches
Bloom: Your Data, Your Credit, Your Privacy
At Bloom, we are giving you the tools to take back control of your data all with one simple app. No more centralized data storage. No more selling off your data to the highest bidder. Bloom enables you to own, control, and protect your data using the latest advancements in blockchain technology.
It’s time to take back control of your data and unlock the power of a secure identity today. Download the Bloom mobile app to build a digital identity, monitor your credit, and get free data breach alerts with Radar!