The world's largest domain specialist, GoDaddy, has a problem: 28,000 hosting accounts have been exposed, and the company has confirmed it itself.
GoDaddy has been steadily growing in popularity as a domain host, and this has been good business for the company. It has over 78 million domains under its name and 19 million customers, a significant number of people and companies taking advantage of its services.
What Happened To GoDaddy?
GoDaddy told BleepingComputer that 28,000 of its customers' hosting accounts have been compromised in a recent security breach.
The company immediately notified the users through an email saying that an "unauthorized individual" had gained access to their login information. It promptly added that there seemed to be no evidence that files in any of those accounts had been compromised or modified.
Lastly, the company informed the users that the individual has already been blocked from all of its systems.
GoDaddy Sent Out A Statement
GoDaddy has also revealed that the affected web hosting accounts were exposed through an altered SSH file, which the company has already removed from its platform to protect the rest of its millions of active users.
The security breach took place on October 19, 2019, and was only discovered on Apr. 23, when the company's security team detected suspicious activity on some of its servers.
GoDaddy went on to clarify that only the usernames and passwords used to remotely access hosted servers were affected and that "the threat actor did not have access to customers' main GoDaddy accounts."
The company also told the affected customers to immediately change their passwords and make them even more secure "out of an abundance of caution."
Yana Blachman, threat intelligence specialist at Venafi, said, "The GoDaddy breach underlines just how important SSH security is ... SSH is used to access an organization's most critical assets, so it's vital that organizations stick to the highest security level of SSH access and disable basic credential authentication, and use machine identities instead ... this involves implementing strong private-public key cryptography to authenticate a user and a system."
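The settings Blachman describes can be checked on a server. The following is an added example, not code from GoDaddy, Venafi or the original article: a small Python audit of an OpenSSH sshd_config that flags configurations still allowing password-style logins. It assumes upstream OpenSSH defaults and sshd's rule that the first value obtained for a keyword is the one used; the function name and both sample configurations are constructed for illustration.

```python
import re

# Values wanted for key-only SSH logins.
REQUIRED = {"passwordauthentication": "no",
            "kbdinteractiveauthentication": "no",
            "pubkeyauthentication": "yes"}
# Assumed upstream OpenSSH defaults, applied when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated keyword name that maps to the current one.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit(config_text):
    """Return findings for settings that still permit password-style logins."""
    global_vals, findings, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            match = value                       # later lines are conditional
        elif key in REQUIRED:
            if match is None:
                global_vals.setdefault(key, value)   # first value wins
            elif value != REQUIRED[key]:
                findings.append(f"Match {match}: {key}={value}")
    for key, want in REQUIRED.items():
        got = global_vals.get(key, DEFAULTS[key])
        if got != want:
            findings.append(f"global: {key}={got} (want {want})")
    return findings

# Constructed samples: the later "no" in WEAK is ignored by sshd.
WEAK = """PasswordAuthentication yes
PasswordAuthentication no
Match User deploy
    PasswordAuthentication yes
"""
HARDENED = """PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; a static audit like this is useful for reviewing files before they are deployed.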
GoDaddy Provides Free Security Services To Affected Users
As the incident is far from over, the company has offered a complimentary year's worth of security and malware removal systems and has expressed deep regret over the incident.
This is not the first time GoDaddy's servers have recently been breached, and it looks like the threats won't be over until the systems and servers are thoroughly cleansed of any backdoors that hackers would be able to exploit.