GoDaddy, the leading domain registrar in the world, has confirmed a data breach that has threatened web hosting accounts. The giant currently serves more than 19 million clients and manages over 77 million domains, millions of which it hosts on its servers. The company found that the hackers gained access to the web hosting accounts of 28,000 clients.
What do we currently know about the GoDaddy data breach?
According to an email signed by GoDaddy CISO and vice-president, Demetrius Comes, the security data breach came to light after some GoDaddy servers recently showed suspicious activities. The company filed the disclosure notification email with the State of California Department of Justice on April 23, 2020. The department’s officials believe that the security incident happened on October 19, 2019.
The notification stated that, after investigating the matter, the company determined that an “unauthorized individual” had accessed crucial login credentials. The registrar discovered suspicious activity on a subset of its servers and an altered SSH file in its hosting environments. The hackers could, therefore, use the credentials to connect to the affected hosting accounts over Secure Shell (SSH).
Which accounts fell victim to the GoDaddy breach?
Worth noting is that only the hosting accounts have been compromised. The customer accounts and the personal data in them are safe.
Excerpt from GoDaddy’s official notification
The GoDaddy email noted that there was no evidence that the hackers modified or added any files to the affected accounts. However, it failed to mention whether the bad players viewed or copied the data.
The good news is that according to the email, GoDaddy has reset the hosting account logins. They immediately reset the passwords and usernames and got rid of the altered SSH file from their platform.
The email also included steps for the affected clients to regain access to their hosting accounts. Additionally, the company has advised its clients to audit their hosting accounts and exercise maximum caution.
GoDaddy is still looking into this issue even after blocking the attacker from their systems. They are investigating any potential impact to ensure they’ve contained the situation comprehensively.
Did the GoDaddy breach affect you? You’ll get free security services
In their email, GoDaddy expressed their regrets.
To show their support, they will offer malware removal and security services to the affected customers. Therefore, if you were affected, you’ll enjoy one year of Express Malware Removal and Website Security Deluxe at no cost.
The services will execute scans on your website to smoke out any potential security vulnerability and alert you to take the necessary action. If an issue crops up, you can contact their security team via a unique way to get things sorted out.
The breach notification email doesn’t reveal more about the reason behind this GoDaddy breach. However, the message and the offer of cost-free security mitigation services suggest that the customers will not bear any blame, as it is not likely their fault.
Previous GoDaddy breaches
Last year, 2019, saw cyber-criminals using hundreds of hacked GoDaddy accounts to create about 15,000 fake domains. Some of the bad players attempted to mimic the websites of popular businesses and organizations. Through these counterfeit domains, victims could be lured onto spam pages where they could get scammed severely.
The hackers used that script to spy on websites’ internal bottlenecks and obtain data on page load times and connection time (Real User Metrics, RUM) from compromised cPanel Business hosting and cPanel Shared Hosting accounts.
This year, 2020, the current GoDaddy breach is the second significant data security issue to be reported within a period of just a few weeks. On March 31, Brian Krebs, former Washington Post journalist, revealed how a spear-phishing attack ensnared a GoDaddy employee. The hackers went ahead and hacked a few GoDaddy domain clients.
As the GoDaddy data breaches show, SSH security and other data protection measures are critical. A hacker who obtains a website’s SSH credentials can easily compromise its critical assets. Therefore, you should implement the most robust SSH access security. Replace any basic credential authentication with machine identities. Implementing public-private key cryptography to authenticate both systems and users will also add to your account’s security. Additionally, employ other measures such as website firewalls.
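One way to check that an OpenSSH server really has password logins switched off in favour of keys is to audit its `sshd_config`. The script below is an added example, not code from GoDaddy or from the original article. The function name `audit_sshd_config` and the sample configuration are constructed for illustration, and the defaults assume an unmodified upstream OpenSSH build.

```python
import re

# Values wanted for key-only logins, and upstream OpenSSH defaults used when a
# keyword is absent (assumption: the distribution has not changed them).
WANTED = {"passwordauthentication": "no",
          "kbdinteractiveauthentication": "no",
          "pubkeyauthentication": "yes"}
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated keyword that sshd still accepts as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample, not taken from any real host.
SAMPLE = """\
# sshd_config
PubkeyAuthentication yes
PasswordAuthentication yes
passwordauthentication no
Match User backup
    PasswordAuthentication yes
"""

def audit_sshd_config(text):
    """Return findings for settings that still permit password logins."""
    seen, findings, scope = {}, [], "global"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":            # later lines apply only to matching logins
            scope = "Match " + value
        elif key in WANTED:
            if scope == "global" and key in seen:
                continue              # sshd keeps the first value it reads
            if scope == "global":
                seen[key] = value
            if value != WANTED[key]:
                findings.append(f"line {lineno} ({scope}): {key} {value}")
    for key, default in DEFAULTS.items():
        if key not in seen and default != WANTED[key]:
            findings.append(f"unset (global): {key} defaults to {default}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sshd_config(SAMPLE)))
```

The sample shows two easy-to-miss cases: a later `passwordauthentication no` does not override the earlier `yes`, and a `Match` block can re-enable passwords for one user even when the global section looks clean.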
If you have accounts at GoDaddy or elsewhere, you should check that all is well immediately after reading this article. Is your website a victim? Hurry now and take their free security offer.