GoDaddy discovered in April 2020 that they have had a security breach since the last quarter of 2019. This is not the first time that GoDaddy, which has more than 19 million users, is having security issues.
However, for this breach, the web hosting giant sent notification letters to affected user accounts informing them of the event. The letter also assured these users that GoDaddy has proactively changed all affected login credentials.
The attacker had connected to GoDaddy’s users’ accounts by altering an SSH file on their hosting infrastructure. The security team that discovered this attack had found an altered SSH file in GoDaddy’s hosting environment after they noticed suspicious activities on their servers. System administrators use the SSH (Secure Shell) to access remote computers, which makes it quite useful for hackers.
BleepingComputer broke the news about the situation, with GoDaddy’s VP for Corporate Communications issuing an official statement.
What Has Been Reported So Far About the Incident
GoDaddy informed around 28,000 customers that their hosting accounts had been compromised during the breach. The company revealed that the incident was noticed after the security team flagged suspicious activities on a small group of GoDaddy servers.
According to the vice-president of engineering, Demetrius Comes, the breach itself seemed to have occurred on October 19, 2019. However, it wasn’t until April 23, 2020, that the team discovered the attack. The California Department of Justice corroborated the claim after GoDaddy filed a sample of the disclosure notification email.
The company guaranteed its affected users that while the attackers gained access to their hosting accounts, their main GoDaddy.com account was not compromised. GoDaddy also told them that they had not found any evidence of any additions or modifications made to their files. However, they failed to mention if any file had been copied or viewed.
According to the security team, everyone’s login information had been reset to avoid any more unauthorized access. The hosting registrar also recommended that everyone audit their hosting account to be on the safe side.
GoDaddy’s notification letter sent out to its users didn’t point out the reason behind the attack, but it contained supplications. The company issued a free Express Malware Removal and Website Security Deluxe for one year to the breached accounts.
GoDaddy’s Previous Breaches
Later that same year, scammers created 15,000 subdomains with compromised GoDaddy account to impersonate popular websites and redirect victims to spam pages.
The Way Forward
This breach has attracted more comments from industry experts. Threat intelligence specialist, Yana Blachman, noted how the situation with GoDaddy underlined how essential SSH security was for domains and websites.
According to Yana, a great way to avoid organizations getting compromised would be to verify both users and their systems, by implementing strong private-public key cryptography.
GoDaddy’s investigation into the breach is not over yet. While they have blocked the attacker from their systems, the company is still trying to detect any impact the incident had on its environment.
You can rely on HostScore.net for unbiased, data-backed information on hosts and domain name registrars. For example, you can instantly use these GoDaddy alternatives to reduce your chances of exposure to attackers.
GoDaddy provides hosting services to over 19 million customers across the globe and manages around 77 million domains. The company offers several plans for entrepreneurs, empowering them to grow and change the world around them.
Although the platform remains one of the biggest names in the industry, there are other viable options you may want to consider.