The world’s largest domain registrar, GoDaddy, with 19 million subscribers, has disclosed a data breach affecting web hosting account credentials.
With more than 19 million customers, 77 million managed domains and millions of hosted websites, most people have heard of GoDaddy. According to Bleeping Computer, which broke the news last night, an unknown number of customers have been notified that their web hosting account credentials have been compromised.
What is known so far about the GoDaddy data breach?
Confirmation of the data breach came in an email signed by GoDaddy CISO and vice president of engineering, Demetrius Comes, which revealed that the incident came to light after suspicious activity was recently identified on some GoDaddy servers. The breach itself appears to have occurred on October 19, 2019, according to the State of California Department of Justice, with which a sample of the email notification was filed.
The email notification states that, following an investigation of the incident, it was determined that “unauthorized individuals” had gained access to login credentials, meaning they could “connect to SSH” on the affected hosting accounts. SSH stands for secure shell, a network protocol that system administrators use to access computers remotely. SSH is, as you can imagine then, quite a useful attack vector for hackers. If you want to dive into the technical details, Hackaday has an excellent article about the “terminal program that talks to a server using an encrypted connection.”
“The GoDaddy breach underscores the importance of the security of SSH,” said Yana Blachman, a threat intelligence specialist at Venafi. “SSH is used to access the most important assets of the organization, so it is important that the organization keeps SSH access at the highest security level and disables credential-based authentication, using machine identities instead,” said Blachman. “This involves applying strong private-public-key cryptography to authenticate users and systems.”
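As an added illustration of Blachman's recommendation (not code from GoDaddy, Venafi or the original article), the Python example below audits the text of an OpenSSH `sshd_config` and reports where password-style logins are still accepted. It assumes upstream OpenSSH defaults for unset keywords and does not follow `Include` files; the sample configurations are constructed.

```python
# Added example: report where an sshd_config still accepts password-style logins.
# DEFAULTS are upstream OpenSSH defaults (assumption: the server has not patched them).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_STYLE = ("passwordauthentication", "kbdinteractiveauthentication")


def audit(config_text):
    """Return (effective global settings, findings) for one config file."""
    seen, findings, match = {}, [], None
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            match = " ".join(parts[1:])  # later lines apply only to this Match block
        elif key in DEFAULTS and len(parts) > 1:
            value = parts[1].lower()
            if match is None:
                seen.setdefault(key, value)  # sshd keeps the first value it reads
            elif key in PASSWORD_STYLE and value != "no":
                findings.append(f"Match {match}: {key} {value}")
    effective = {**DEFAULTS, **seen}
    for key in PASSWORD_STYLE:
        if effective[key] != "no":
            findings.append(f"global: {key} {effective[key]}")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication disabled")
    return effective, findings


# Constructed samples, not taken from any real host.
WEAK = "PasswordAuthentication yes\nPasswordAuthentication no  # ignored: first value wins\n"
KEY_ONLY = "PasswordAuthentication no\nChallengeResponseAuthentication no\nPubkeyAuthentication yes\n"
OVERRIDE = KEY_ONLY + "Match User backup\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("key-only", KEY_ONLY), ("override", OVERRIDE)):
        print(name, audit(text)[1] or "no password-style login accepted")
```

On a live host, `sshd -T` prints the effective configuration with `Include` files resolved, which is the authoritative input for a check like this.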
Which GoDaddy accounts are affected by the breach?
Importantly, the GoDaddy email said that the breach is limited only to hosting accounts and did not involve customer accounts or the personal information stored within them. It noted that no evidence was found to suggest that any files were modified or added to the affected accounts but fell short of mentioning if files had been viewed or copied. However, all impacted hosting account logins have been reset, and the email contained the procedure customers need to follow in order to regain access to the hosting accounts concerned. GoDaddy has also recommended, “out of an abundance of caution,” that users audit their hosting accounts.
However, the investigation into this incident is far from over. While the attacker has been “blocked from our systems,” the email said, it also stated that GoDaddy is continuing to determine any potential impact across its environment. Information is scarce, at this stage, beyond what I’ve already detailed. I have reached out to GoDaddy with regards to how many accounts were affected and will update this article once I have an official response.
GoDaddy to provide free security services to those affected
Meanwhile, GoDaddy has said it will provide a complimentary year’s worth of security and malware removal services for those customers affected, and has expressed “regret this incident occurred.”
This is the second notable GoDaddy security incident to be reported within the space of just a few weeks. On March 31, former Washington Post journalist Brian Krebs detailed how a GoDaddy employee “had fallen victim to a spear-phishing attack,” that led to the hacking of a small number of GoDaddy domain customers.
GoDaddy issues a formal statement clarifying the number of accounts impacted by this breach
I have now heard back from a GoDaddy spokesperson with the following statement confirming the total number of accounts affected and the date that the company identified the credentials compromise:
“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”