Kathmandu, May 6th, 2020
The world’s largest domain registrar, GoDaddy, confirmed a data breach that started in October 2019.
The Scottsdale, Ariz.-based domain registrar giant manages more than 19 million customers and 77 million domains. It is warning customers that the breach exposed their web hosting account credentials.
‘We blocked the unauthorized individual responsible for the breach,’ states GoDaddy, adding that it is continuing to investigate the potential impact on its environment.
The company said that the breach affected only hosting accounts; general GoDaddy.com customer accounts, and the customer data stored in them, were not affected.
What we know on the GoDaddy Data Breach
According to the breach notification, the incident came to light after suspicious activity was recently identified on some GoDaddy servers. The breach itself appears to have occurred on October 19, 2019.
During the investigation, GoDaddy found that an “unauthorized individual” had obtained login credentials, meaning that this individual could “connect to SSH” on the affected hosting accounts.
Why SSH is so critical
SSH (Secure Shell) is a network protocol, and a family of client and server implementations, for encrypted remote login and data transfer. Privileged users such as system administrators and application developers use it for secure interactive and remote access. On a hosting account, an SSH login grants the same shell and file access the account owner has, which is why stolen SSH credentials are so serious.
Yana Blachman, a threat intelligence specialist at Venafi, emphasizes the importance of SSH security in light of the GoDaddy data breach.
She also points out that SSH is used to reach an organization’s most critical assets, so organizations must hold SSH access to the highest security standard and disable basic credential (password) authentication. She recommends using machine identities, that is, SSH keys, instead.
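The configuration change Blachman recommends lives in sshd_config. The script below is an added example, not code from the article, GoDaddy or Venafi: it shows a weak configuration next to a hardened key-only one and audits either for the settings that still allow password-based logins. The two config texts and the function names are constructed for illustration; the keyword defaults follow OpenSSH, and the parser honours sshd's rule that the first value found for a keyword wins and that anything after a Match line is conditional.

```shell
#!/bin/sh
# Added example (not the article's or any vendor's code): audit an sshd_config
# for password-based authentication and show the hardened, key-only equivalent.

# sshd_opt KEYWORD DEFAULT: print the effective global value of KEYWORD from the
# sshd_config text on stdin. sshd uses the FIRST value it finds for a keyword,
# and lines after a "Match" block are conditional, so we stop there. KEYWORD may
# be a lowercase alternation such as "a|b" for keywords that are aliases.
sshd_opt() {
    kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v k="$kw" -v d="$2" '
        { sub(/#.*/, ""); gsub(/=/, " ") }               # comments, "key=value"
        tolower($1) == "match" { exit }                   # conditional section
        !found && tolower($1) ~ ("^(" k ")$") { v = tolower($2); found = 1 }
        END { print (found ? v : d) }
    '
}

# audit_sshd_config: read sshd_config text on stdin, print one WEAK line per
# setting that still permits password-based login, return 0 only if the
# configuration is key-only. Defaults are those of OpenSSH.
audit_sshd_config() {
    cfg=$(cat)
    rc=0
    for rule in \
        'passwordauthentication:yes:no' \
        'kbdinteractiveauthentication|challengeresponseauthentication:yes:no' \
        'pubkeyauthentication:yes:yes' \
        'permitemptypasswords:no:no' \
        'permitrootlogin:prohibit-password:no'
    do
        kw=${rule%%:*}; rest=${rule#*:}; def=${rest%%:*}; want=${rest#*:}
        val=$(printf '%s\n' "$cfg" | sshd_opt "$kw" "$def")
        if [ "$val" != "$want" ]; then
            echo "WEAK: $kw is '$val' (want $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a hosting box that still accepts passwords. Note that the
# commented-out line does nothing, so the default (yes) applies.
WEAK_CONFIG='
Port 22
#PasswordAuthentication no
ChallengeResponseAuthentication yes
PermitRootLogin yes
'

# Constructed sample: key-only authentication, the setting Blachman recommends.
HARDENED_CONFIG='
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
AuthenticationMethods publickey
'

echo "== weak config =="
printf '%s\n' "$WEAK_CONFIG" | audit_sshd_config || echo "result: password logins still possible"
echo "== hardened config =="
printf '%s\n' "$HARDENED_CONFIG" | audit_sshd_config && echo "result: key-only authentication"
```

On a live host, pipe the output of `sshd -T` (OpenSSH's extended test mode, which prints the effective lowercase keyword/value pairs after Include and Match processing) into `audit_sshd_config` rather than the raw file, and remember that disabling passwords only helps if every authorized_keys file on the box contains keys you recognize.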
In a separate incident earlier in 2020, Freelancer CEO Matt Barrie said his security team managed to get the attacker on the phone: for over an hour the attacker tried to convince what he believed were domain registry operations staff to restore his access to the account.
That attacker had gained unauthorized access to GoDaddy’s internal support systems and was using them to make changes to Escrow.com’s account.
Which GoDaddy accounts are affected?
The GoDaddy email says the breach affected only hosting accounts and did not involve customer accounts or the personal information stored within them.
The company has reset the logins of all impacted hosting accounts, and the email describes the procedure customers must follow to regain access to the affected hosting accounts.
GoDaddy to provide free security services
GoDaddy has said it will provide a complimentary year of security and malware removal services to affected customers, and has stated that it “regret[s] this incident occurred.”
The domain giant also recommended that customers audit their hosting accounts.