GoDaddy has notified its customers of a data breach, the threat actors may have compromised the credentials of the web hosting account.
GoDaddy has notified its customers of a data breach, the attackers may have compromised the credentials of the users’ web hosting account.
Based in Scottsdale, Arizona, the Internet domain registrar and web hosting company claim to have over 19 million customers worldwide.
The hosting provider sent a data breach notification with the California prosecutor, revealing that the intrusion occurred in October 2019.
We need to notify you of a security incident that affects the credentials of your GoDaddy web hosting account. “reads the company data breach notice.” We recently identified suspicious activity on a subset of our servers and immediately launched an investigation. The investigation revealed that an unauthorized person had access to the login information used to connect to SSH on their hosting account. We have no evidence that any files have been added or changed on your account. The unauthorized individual has been blocked from our systems and we continue to study the potential impact on our environment. “
The company started an investigation immediately after finding suspicious activity on some of its servers.
GoDaddy confirmed that “an unauthorized individual” was able to access the login credentials used by customers to connect to SSH on their hosting account. In response to the incident, GoDaddy reset the login information for users’ hosting accounts to avoid abuse.
The company stressed that the customer’s account and information stored within the customer’s account was not exposed.
“We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account.” continues the notice.
“This incident is limited in scope to your hosting account. Your main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.”
The defense systems implemented by the company were able to detect and block the unauthorized part, but evidently the hosting provider believes that part of the access credentials have been discovered. At the moment there is no evidence that the attackers have abused their login credentials to add or edit files on users’ accounts.
GoDaddy provides interested customers with a one-year website
Free Security Deluxe and Express Malware Removal.
These services scan your website to identify and warn of any security vulnerabilities. With this service, if a problem arises, there is a special way to contact our security team and they will be there to help you. “concludes the notice.”
“Again, we apologize for any inconvenience this may have caused. We have already taken and will continue to take measures to enhance our security in light of this incident.”