Web hosting provider and domain registrar GoDaddy discovered a security incident that affects approximately 28,000 GoDaddy hosting accounts. It is unclear which of GoDaddy’s hosting packages were affected by this breach and what caused it. GoDaddy reset the affected users’ hosting account login information to prevent unauthorized access.
GoDaddy discovered the breach 7 months later
In a breach notification submitted to the California Attorney General’s office, GoDaddy revealed that the suspicious activity occurred on some of its servers on October 19, 2019. An unauthorized individual had gained access to the login credentials of customers and had used SSH (Secure Shell) to connect to their hosting accounts.
SSH, a network protocol, offers a secure way to access a computer over an unsecured network by providing strong password authentication and public key authentication. In other words, the SSH protocol is a method for secure remote login from one computer to another. This network protocol, which is widely used by network administrators, provides security for managing systems and applications remotely. Network administrators can log in to another computer over a network, execute commands and move files from one computer to another.
GoDaddy has 77 million domain registrations. The company officials apologized to an undisclosed number of its users in an email:
“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”
GoDaddy shared that there was no evidence that any files were ‘added or modified’ on user accounts. Additionally, GoDaddy said that the incident was limited only to customers’ hosting accounts.
The web hosting provider and domain registrar is providing a full year of Website Security Deluxe and Express Malware Removal free of charge to its affected customers. According to the company, with this service, if a problem arises, customers have a special way to contact its security team, which will be there to help.
Recommendations against cyberattacks
The Wordfence Threat Intelligence team recommends that GoDaddy’s affected users check the email header and look for any typos or misspellings in the email content itself. The team also warns users about modified verbiage meant to scare them and force them to provide personal information. Moreover, creating a strong password and using two-step verification are other ways to protect your GoDaddy account.