GoDaddy notifies users of breached hosting accounts

GoDaddy notified some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH.

The security incident took place on October 19, 2019, after the company’s security team discovered suspicious activity on a subset of GoDaddy’s servers.

GoDaddy is the world’s largest domain registrar and a web hosting company that provides services to roughly 19 million customers around the world.

Hosting account passwords reset

“The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account,” GoDaddy revealed in the notification letter sent to affected customers.

The company says that it has not yet found any evidence of the attackers adding or modifying any files on the impacted accounts’ hosting.

Additionally, the company assured the affected users that only their hosting accounts were affected as part of the incident, while their main GoDaddy account was not accessible to the attackers.

“We have proactively reset your hosting account login information to help prevent any potential unauthorized access,” GoDaddy added.

Customers are also advised to conduct an audit of their hosting accounts to make sure that everything is in order.

“This incident is limited in scope to your hosting account. Your main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.” – GoDaddy

Even though the breach notification letter’s wording doesn’t point to the exact reason behind this incident, GoDaddy’s message and offer of free services show that this was not likely the customers’ fault. 

“On behalf of the entire GoDaddy team, we want to say how much we appreciate your business and that we sincerely regret this incident occurred. We are providing you one year of Website Security Deluxe and Express Malware Removal at no cost,” the letter reads.

“These services run scans on your website to identify and alert you of any potential security vulnerabilities. With this service, if a problem arises, there is a special way to contact our security team and they will be there to help.”

BleepingComputer has reached out to GoDaddy for more details but had not heard back at the time of this publication.

Previous GoDaddy issues and compromised accounts

Last year, scammers used hundreds of compromised GoDaddy accounts to create 15,000 subdomains, some of them attempting to impersonate popular websites, to redirect potential victims to spam pages that were pushing snake oil products.

Earlier, in 2019, GoDaddy was found to inject JavaScript into US customers’ websites without their knowledge, potentially rendering them inoperable or impacting the sites’ overall performance.

That script was used to monitor websites for internal bottlenecks, and to collect data on connection time and page load times — so-called Real User Metrics (RUM) — from U.S. customers using cPanel Shared Hosting or cPanel Business hosting.

Kent
