GoDaddy Admits Data Breach Affecting Web Hosting Account Credentials of Unknown Number of Customers.
Just last month, a GoDaddy employee had their account compromised, which allowed hackers to deface Escrow.com. Now GoDaddy, the largest domain registrar in the world with over 19 million customers, countless websites, and around 77 million domains, has suffered a data breach.
The Scottsdale, Arizona-based domain registrar and web hosting provider has submitted a notice explaining that the breach occurred on 19 October 2019 and affected its systems. The data breach notice was sent via email, signed by Demetrius Comes, the CISO and Vice-President of GoDaddy, and filed with the California Attorney General.
According to sources from within the company, an investigation was started as soon as suspicious activity was noticed on a subset of its servers. It was revealed that an unauthorized person had managed to gain access to the credentials assigned to GoDaddy customers for connecting to SSH on their hosting accounts. The unauthorized access was proactively blocked, and the investigation is still underway.
For your information, SSH, also known as Secure Shell, is a cryptographic network protocol for operating network services securely over an unsecured network.
As per the company’s notice, the hosting account login information has been reset to prevent any further unauthorized access. GoDaddy affirms that no files were added or modified on the compromised accounts; however, customers are advised to audit their hosting accounts.
“We apologize for any inconvenience this may have caused. We have already taken and will continue to take measures to enhance our security in light of this incident,” GoDaddy stated [PDF].
To compensate for the incident, GoDaddy will offer premium security services for a full year to affected customers to help them detect and deal with any security vulnerabilities on their sites in a timely manner.
Venafi’s threat intelligence expert Yana Blachman highlights the importance of SSH security, as it is used to access the most “critical assets” of an organization. Organizations must therefore employ stringent security measures to secure SSH, and machine identities should be preferred over basic credential authentication for authenticating a user or a system, urged Blachman.