The popular domain registry and web hosting company GoDaddy is in the headlines this week after the company reported that an unauthorized user accessed login information used by an undisclosed number of its 19 million customers.
GoDaddy informed its customer base of the incident on May 4 in an email stating that on October 19, 2019, an unauthorized individual accessed the login credentials used to connect to SSH on the hosting site. While the breach took place late last year, it was not discovered by the company until April 29, 2020, after noticing suspicious activity on a subset of its servers. Meaning the attacker had control of an undisclosed number of GoDaddy customer hosting accounts for over 7 months before being detected.
As a result, the credentials of an unknown number of customers have been compromised. It’s important to note that the potential impact of this breach could be devastating, as GoDaddy is the world’s largest domain registrar, responsible for managing over 77 million website domains.
In an email filed with the State of California Department of Justice and sent out to GoDaddy customers, GoDaddy CISO and VP of Engineering Demetrius Comes details the data breach as minor, stating, “The unauthorized individual has been blocked from our systems and we continue to investigate potential impact across our environment”, and added that “we have no evidence that any files were added or modified on your account.” Comes also stressed that main GoDaddy.com customer accounts and the information stored within those accounts was not accessible by the threat actor.
The company has reset all customer hosting account login information to help prevent potential unauthorized access and is recommending that all of its customers conduct a self-audit of their hosting account to help minimize potential damage.
In addition to their apologies, the company is offering impacted customers one year of free Website Security Deluxe and Express Malware Removal to help identify and notify customers of any potential security vulnerabilities on their website. An investigation into the full scope of the incident is still ongoing at this time.
Share this post