911 Hack Removal

GoDaddy Data Breach: Around 28,000 Accounts Affected

Updated on: May 8, 2020

GoDaddy Data Breach: Around 28,000 Accounts Affected

Article Summary

GoDaddy has announced that the SSH credentials of approximately 28,000 GoDaddy hosting accounts were compromised by an unauthorized attacker. The news of this GoDaddy breach has gone off like an explosion in the peaceful internet.

GoDaddy is one of the leading domain registrars and web hosting companies. It currently caters to over 19 million customers. In a shocking Godaddy data breach disclosure, GoDaddy confessed that the SSH credentials of approximately 28,000 GoDaddy hosting accounts were compromised by an unauthorized attacker. The news of this GoDaddy data breach has gone off like an explosion through the internet.

What Has Happened Exactly in the GoDaddy Data Breach?

Upon learning about the breach GoDaddy issued a public statement:

“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”

The disclosure about the GoDaddy data breach was made on May 4, 2020. However, the breach appears to have taken place on October 19, 2019, according to the State of California Department of Justice.

The breach mainly affects the SSH credentials of 28,000 hosting accounts. SSH (Secure Shell) is used to log into remote machines and to execute commands. It is also used to transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. It’s proof enough to understand what it is a great target for hackers. Yana Blachman, a threat intelligence specialist at Venafi, said that the GoDaddy data breach underlines the importance of SSH security.

30,000 websites get hacked every single day. Are you next?

Secure your website from malware & hackers using Astra Security Suite before it’s too late.

Why is the GoDaddy Data Breach Risky?

GoDaddy has around 19 million customers, manages 77 million domains, and hosts millions of websites. Although, 28,000 may sound a very small number in front of millions a threat of this magnitude is a loud alarm that next time we might not be this lucky.

Joseph Carson, Chief Security Scientist, and Advisory CISO at Thycotic said that a data breach such as this on a large hosting provider is a significant issue. It allows a cybercriminal to make modifications to web services that could steal data, credit card information, or account passwords.

No evidence has been found to suggest that any file has been modified or added. But the notice has failed to mention any data about the files being viewed or copied. Although the attacker has been blocked, GoDaddy is still checking the risk of potential attacks of a similar sort. It is also not confirmed that for how long the attacker had access to the accounts.

Damage Control!

GoDaddy has said that they launched an investigation immediately after learning about the breach to access the damage and control it. The company has proactively reset the hosting account login information to help prevent any further unauthorized access. GoDaddy has also recommended a security audit of the hosting account. In light of this GoDaddy data breach, the company has decided to provide complimentary security and malware removal services for a year to the affected customers. They have regretted the occurrence of such an incident as the breach.

If your account has been affected and GoDaddy hasn’t notified yet, it’ll soon be done.

We recommend that you to:

  • Change your website’s database password. It could have been easily compromised in the attack without modifying the account.
  • Check your website for unauthorized administrative users.
  • Check your website for unauthorized users.
  • Scan your website with a malware scanner.
  • Get immediate malware removal, if there are malware injections.

30,000 websites get hacked every single day. Are you next?

Secure your website from malware & hackers using Astra Security Suite before it’s too late.

Attackers who use phishing campaigns as a means to infect users, use these breaches as prime targets. Phishing is an attack in which an attacker creates an email that appears to come from a legitimate source, but is intended to obtain sensitive information from an unsuspecting user. GoDaddy hosts millions of sites hence the risk is equally large if proper preventive measures aren’t taken. GoDaddy’s customers should take care while clicking on links or executing any actions in an email to ensure that they do not end up as the victim of a phishing attack.

Key Points to Identify a Phishing Attack

  1. Look out for a large number of typographical errors and misspellings in the email content itself.
  2. Modified verbiage to scare you into providing personal information.
  3. If the source of the email does not come from a registered GoDaddy domain then it is most likely an attempt in phishing.
Source: Godaddy

If the source of an email or its legitimacy cannot be verified, it is better to go to the GoDaddy website directly and contact them via standard support channels.

Security Guidelines to Protect Online Accounts

  1. Create a strong password: Devise a strong password for your accounts to keep them as safe as possible from hackers. If you cannot create or remember secure passwords, you may use a password manager to do the job.
  2. Two-factor authentication or Two-step verification: It means using a verification code that will be sent to your email or mobile phone. It is a secondary means to confirm the logins. In that case, even if a cybercriminal acquires your login credentials, that person would not be able to log into your account. This is because only you will have access to the accompanying code.

Be Weapons Ready!

When you have a large enriched territory, it is obvious that there will be enemies trying to breach borders to have access to your domain. The GoDaddy data breach is a classic example of that. In such a situation one should always be weapons ready to protect oneself. Your website should be ready for any attack and we at Astra can help you in it. Our security audits will be able to help you identify the problem if any. We will be able to fix your website in less than 4 hours in case of a hack.

Get the best arms in the business and stay protected from any attack!

Was this post helpful?

Jinson Varghese

Jinson Varghese Behanan is an Information Security Analyst at Astra. Passionate about Cybersecurity from a young age, Jinson completed his Bachelor's degree in Computer Security from Northumbria University. When he isn’t glued to a computer screen, he spends his time reading InfoSec materials, playing basketball, learning French and traveling. You can follow him on Medium or visit his Website for more stories about the various Security Audits he does and the crazy vulnerabilities he finds.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany