GoDaddy Data Breach – Hosting Account Compromises.
SSH Login Credentials have accessed unauthorized.
The Company advises auditing your Hosting account.
Godaddy is an American Internet domain registrar and web hosting company. GoDaddy has approximately 19 million customers worldwide. The company official confirms 28,000 users compromised.
According to GoDaddy statement,
“We need to inform you of a security incident impacting your GoDaddy web hosting account credentials. We recently identified suspicious activity on a subset of our servers and immediately began an investigation. The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account.”
“We have no evidence that any files were added or modified on your account. The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.”
“We have proactively reset your hosting account login information to help prevent any potential unauthorized access, you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account.”
Again, we apologize for any inconvenience this may have caused. We have already taken and will continue to take measures to enhance our security in light of this incident.
“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers.
We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
SSH provides a secure channel over an unsecured network by using a client–server architecture, connecting an SSH client application with an SSH server.
“It’s unclear whether GoDaddy’s reported incident was because of the re-use of previously stolen credentials or from brute-force attacks,” Matt Walmsley, EMEA director at security company Vectra, told TechRepublic. “There have also been recent reports of GoDaddy’s support employees being successfully phished, which might be connected.
Regardless of how the unauthorized access was gained, it’s a sharp reminder that the monitoring of how privileged credentials are used, not just granted, can make the difference between detecting an active attack and being blissfully ignorant to a breach.”
Customers need to follow security guideline to protect their server accounts.
How To keep Protect?
- Create a Unique Password and change it periodically.
- Use Two-Factor Authentication
- Do not click unknown link through E-mail or SMS.