Home » GoDaddy Confirms 28,000 Hosting Accounts Breached!

GoDaddy Confirms 28,000 Hosting Accounts Breached!

cyber security

GoDaddy Confirms 28,000 Hosting Accounts Breached!

 

One of the top domain registrars in the world notified its customers about an attack affecting thousands of hosting accounts.

GoDaddy’s Vice President for Corporate Communications told BleepingComputer in an official statement that roughly 28,000 customers’ hosting accounts were affected in the incident.

On April 23, 2020, we identified SSH usernames and passwords had been compromised through an altered SSH file in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed the offending SSH file from our platform, and have no indication the threat actor used our customers’ credentials or modified any customer hosting accounts. To be clear, the threat actor did not have access to customers’ main GoDaddy accounts.GoDaddy's Vice President for Corporate Communications

According to GoDaddy’s statement, the intrusion happened back in October 2019, when an “unauthorized individual” compromised the SSH usernames and passwords of some customers. GoDaddy claims that the incident affected only hosting accounts, not customers’ main accounts or personal information. The company has proactively reset logins and passwords of all affected hosting accounts.

The company noticed suspicious activities on some of its servers and reported the breach to officials in April 2020. About 28,000 accounts out of GoDaddy’s 19 million customers were affected. The company states that it hasn’t yet found any signs that the attackers modified or removed any files on the compromised accounts. Investigation of the case is ongoing

 

What to do?

  • Affected customers should have already received an e-mail from GoDaddy with details about the incident and instructions on regaining access. GoDaddy claims passwords for the affected accounts were reset, however, all customers are advised to conduct an audit of their hosting account.
  • GoDaddy is providing one year of its Website Security Deluxe and Express Malware Removal services for affected customers. These services allow you to scan your website for potential vulnerabilities.
Back to top

Some of the links on the Website may be "affiliate links". This means if you click on the link and sign up or purchase an item, I may receive an affiliate commission at no cost to you. Please check Disclaimer for more info.

Leave a Reply