GoDaddy has been notifying its customers of a data breach in which threat actors might have compromised their web hosting account credentials.

Headquartered in Scottsdale, Arizona, the Internet domain registrar and web hosting company claims to have over 19 million customers worldwide.

The hosting provider submitted a data breach notice to the California Attorney General, which revealed that the intrusion took place in October 2019.

“We need to inform you of a security incident impacting your GoDaddy web hosting account credentials,” reads the data breach notice submitted by the company. “We recently identified suspicious activity on a subset of our servers and immediately began an investigation. The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account. We have no evidence that any files were added or modified on your account. The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.”

The company launched an investigation immediately after it discovered the suspicious activity on some of its servers.

GoDaddy confirmed that “an unauthorized individual” was able to access login credentials used by customers to connect to SSH on their hosting account. In response to the incident, GoDaddy reset users’ hosting account login information to prevent any abuse.

The company pointed out that the customer account, and the information stored within the customer account, were not exposed.

“We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account,” continues the notice.
“This incident is limited in scope to your hosting account. Your main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.”

The defense systems implemented by the company were able to detect and block the unauthorized party, but evidently the hosting provider believes that a portion of login credentials was exposed. At this time, there is no evidence that attackers abused the login credentials to add or modify files on users’ accounts.

GoDaddy is providing impacted customers one year of Website Security Deluxe and Express Malware Removal for free.

“These services run scans on your website to identify and alert you of any potential security vulnerabilities. With this service, if a problem arises, there is a special way to contact our security team and they will be there to help,” concludes the notice.

“Again, we apologize for any inconvenience this may have caused. We have already taken and will continue to take measures to enhance our security in light of this incident.”

Pierluigi Paganini