According to a detailed report by Forbe; the world’s largest domain registrar, GoDaddy, with 19 million customers, has disclosed a data breach impacting web hosting account credentials.
According to a report by Bleeping Computer, unknown number of customers have been informed that their web hosting account credentials had been compromised.
On their part, GoDaddy had also issued an official statement.
According to them;
“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”
This is the second notable security breach GoDaddy has reported within the space of just a few weeks. On March 31, former Washington Post journalist Brian Krebs detailed narrated how a GoDaddy employee “had fallen victim to a spear-phishing attack,” that led to the hacking of a small number of GoDaddy domain customers.
Meanwhile, GoDaddy has said it will provide a complimentary years’ worth of security and malware removal services for those customers affected, and has expressed “regret this incident occurred.”
It’s important to note that the breach is limited only to hosting accounts and did not involve customer accounts or the personal information stored within them. GoDaddy also confirm that no evidence was found to suggest that any files were modified or added to the affected accounts but fell short of mentioning if files had been viewed or copied.
However, all impacted hosting account logins have been reset, and the email contained the procedure customers need to follow in order to regain access to the hosting accounts concerned. GoDaddy has also recommended, “out of an abundance of caution,” that users audit their hosting accounts.