GoDaddy discloses a data breach, web hosting account credentials exposed

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials.

GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials.

Headquartered in Scottsdale, Arizona, the Internet domain registrar and web hosting company claims to have over 19 million customers worldwide.

The hosting provider submitted a data breach notice with the California Attorney General, it revealed that the intrusion took place in October 2019.

Data Breach

“We need to inform you of a security incident impacting your GoDaddy web hosting account credentials.” reads the data breach notice submitted by the company. “We recently identified suspicious activity on a subset of our servers and immediately began an investigation. The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account. We have no evidence that any files were added or modified on your account. The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment”

The company launched an investigation immediately after it has discovered the suspicious activity on some of its servers.

GoDaddy confirmed that “an unauthorized individual” was able to access login credentials used by customers to connect to SSH on their hosting account. In response to the incident, GoDaddy reset users’ hosting account login information to prevent any abuse.

The company pointed out that the customer account, and the information stored within the customer account, was not exposed.

“We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account.” continues the notice.
“This incident is limited in scope to your hosting account. Your main customer account, and the information stored within your customer account, was not accessible by this threat actor.”

The defense systems implemented by the company were able to detect and block the unauthorized party, but evidently the hosting provider believes that a portion of login credentials was exposed. At the time there is no evidence that attackers abused the login credentials to add or modify files on users’ accounts.

GoDaddy is providing impacted customers one year of Website
Security Deluxe and Express Malware Removal for free.

“These services run scans on your website to identify and alert you of any potential security vulnerabilities. With this service, if a problem arises, there is a special way to contact our security team and they will be there to help.” concludes the notice. “

“Again, we apologize for any inconvenience this may have caused. We have already taken and will continue to take measures to enhance our security in light of this incident.”

Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase