GoDaddy Confirms Data Breach Involving SSH Access on Hosting Accounts

GoDaddy Confirms Data Breach: What Clients Need To Know
Share It On:

Kathmandu, May 6th, 2020

The world’s largest domain registrar, GoDaddy, confirmed a data breach that started in October 2019.

The Scottsdale, Ariz.-based domain registrar giant manages more than 19 million customers and 77 million domains. It is warning customers about the data breach impacting their web hosting account credentials.

‘We blocked the unauthorized individual responsible for the breach.’ states GoDaddy. They further stated that the company is continuing investigation on the potential impact on their environment.

The company said that the breach only affected hosting accounts. That means general GoDaddy.com’s customer accounts are safe. There was also no effect on the customer data in the main accounts.

What we know on the GoDaddy Data Breach

The confirmation of the data breach reveals that the security incident in question came to light after a recent identification of suspicious activity on some GoDaddy servers. The breach itself appears to have occurred on October 19, 2019.

During the investigation, they found that an “unauthorized individual” had gained access to login credentials. This meant that they could “connect to SSH” on the affected hosting accounts.

Why SSH is so critical

SSH is an acronym for secure shell, a network protocol, and a software suite used for securely transmitting data. Privileged users such as system administrators and application developers use SSH for secure interactive and remote access.

Yana Blachman, a threat intelligence specialist at Venafi emphasizes the importance of SSH security underlining the GoDaddy data breach.

He also highlights that SSH is used to access an organization’s most critical assets. Also, it is vital that organizations stick to the highest security level of SSH access and disable basic credential authentication. He recommends the use of machine identities instead.

During the incident, as Freelance CEO Matt Barrie stated, their security team managed to talk to the hacker on the phone. For over an hour the hacker attempted to convince what he thought were domain registry operations to regain access to the account.

The hacker had unlawfully accessed GoDaddy’s registrar’s internal support systems and was using them to make changes on Escrow.com’s account.

Which GoDaddy accounts are affected?

The GoDaddy email says the breach affected only the hosting accounts and did not involve customer accounts or the personal information stored within them.

However, the company has reset all impacted hosting account logins. And, the email contained the procedure customers need to follow to regain access to the hosting accounts concerned.

GoDaddy to provide free security services

GoDaddy has said it will provide complimentary years’ worth of security and malware removal services for those customers affected, and has expressed “regret this incident occurred.”

The domain giant also recommended that customers should audit their hosting accounts.


Share It On:

Recent Posts

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet Dialogue

Child Online Protection in Nepal: Insights From UNICEF and ChildSafeNet

Share It On:21st December 2024, Kathmandu A high-level dialogue on child online protection organized by UNICEF, in partnership with ChildSafeNet,

Support Your NPL Team With Ncell’s Exclusive PRBTs

Support Your NPL Team With Ncell’s Exclusive PRBTs

Share It On:20th December 2024, Kathmandu As the finale of the Nepal Premier League (NPL), the ‘Festival of the Himalayas,’

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Garima Bank Cash Dividend Proposal: 5% for Shareholders

Share It On: 20th December 2024, Kathmandu Garima Bikas Bank has announced its decision to offer a cash dividend to

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital Payment Users

Citizens Bank and SM Dental Partnership: Exclusive Discounts for Digital

Share It On: 20th December 2024, kathmandu Citizens Bank International Limited has formed a strategic partnership with SM Dental and

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access to Assistance

Nabil Bank Toll-Free Number for Easy Banking Support: 24/7 Access

Share It On: 20th December 2024, kathmandu Nabil Bank Limited has rolled out a new initiative to improve customer support

Ncell Unlimited Data Saapati: 1-Day Internet for Prepaid Users with Low Balance

Ncell Unlimited Data Saapati: 1-Day Internet for Prepaid Users with

Share It On:20th December 2024, kathmandu  Ncell has started to provide Unlimited Data as Saapati, enabling customers to stay online