GoDaddy Confirms Data Breach Affecting Roughly 28,000 Accounts
GoDaddy is an American publicly traded Internet domain registrar and web hosting company, headquartered in Scottsdale, Arizona, and incorporated in Delaware. It has approximately 18.5 million customers around the globe.
GoDaddy recently confirmed that it suffered a data breach and has notified some of its customers about it. GoDaddy said that an unauthorized party used customers’ web hosting account credentials to connect to their hosting accounts via SSH. What is SSH? The SSH protocol (also referred to as Secure Shell) is a method for secure remote login from one computer to another.
According to the claims, the data breach took place on 19th October 2019, and GoDaddy found the breach on 23rd April 2020, after the company’s security team discovered an altered SSH file in GoDaddy’s hosting environment and suspicious activity on a subset of GoDaddy’s servers.
Which accounts have been affected by this Breach?
A GoDaddy email said that the data breach is limited to hosting accounts and did not involve customer accounts or the personal information stored within them. It noted that no evidence was found to suggest that any files were modified or added to the affected accounts, but it fell short of mentioning whether files had been viewed or copied. GoDaddy has also recommended, “out of an abundance of caution,” that users audit their hosting accounts. The email also stated that the hackers are “blocked from our systems,” and that GoDaddy is continuing to determine any potential impact across its environment.
GoDaddy’s Vice President later said in a statement to Bleeping Computer: “On April 23, 2020, we identified SSH usernames and passwords had been compromised through an altered SSH file in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed the offending SSH file from our platform, and have no indication the threat actor used our customers’ credentials or modified any customer hosting accounts. To be clear, the threat actor did not have access to customers’ main GoDaddy accounts.”
Later, GoDaddy notified the affected accounts that the investigation found that an unauthorized individual had access to login information used to connect to hosting accounts via SSH. “This incident is limited in scope to your hosting account,” GoDaddy told its customers. “Your main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.”
Meanwhile, GoDaddy has said it will provide a complimentary year’s worth of security and malware removal services for the affected customers, and has expressed “regret this incident occurred.”