Attackers gained access to customers’ websites last October, says hosting giant, but only via SSH, with ‘main accounts’ not affected
Web hosting company GoDaddy has warned of a data breach that affected clients’ SSH accounts.
The company said it had detected suspicious activity on some of its clients’ servers on 19 October of last year.
It notified the clients that were affected and also informed authorities in California of the breach.
The attackers did not obtain the credentials used to log into clients’ main GoDaddy accounts, but were able to access websites via Secure Shell (SSH), which allows users to carry out operations such as executing commands and manipulating files.
“The investigation found that an unauthorised individual had access to your login information used to connect to SSH on your hosting account,” GoDaddy said in a notice sent to affected customers and filed with regulators.
It said it had “no evidence” that files had been “added or modified” on affected accounts.
“This incident is limited in scope to your hosting account,” GoDaddy stated in the notice. “Your main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.
“The unauthorised individual has been blocked from our systems, and we continue to investigate potential impact across our environment.”
GoDaddy didn’t indicate whether files may have been viewed or stolen, and gave no details as to how the breach may have occurred.
The company said it had reset the affected customers’ passwords and offered them free website security and malware removal services for a year.
The firm advised users to audit their hosting accounts.
The Arizona-based firm is the world’s largest domain registrar and provides hosting services to about 19 million people around the world.
Last April GoDaddy shut down more than 15,000 subdomains hosted on its customers’ sites that were used by scammers to sell products such as brain-enhancement pills and miracle weight-loss drugs.
The domains were created by spammers as a way of circumventing spam blacklists, according to researchers at Palo Alto Networks.