Around 28,000 hosting accounts got compromised in GoDaddy data breach

One of the largest hosting provider company, GoDaddy disclosed the information about unauthorized attack. On May 4, 2020 the SSH credentials of nearly 28,000 GoDaddy hosting accounts were compromised by an unauthorized attacker. Here’s the public statement from GoDaddy:

On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.

GoDaddy Hosting Service

SSH credential is extremely secured if configured in a correct way. Many people use SSH to connect to their hosting accounts for moving files, uploading files run commands. GoDaddy also said that we found no evidence that any file added or modified for the affected accounts. The incident was only limited to hosting accounts of users with no affect to customer accounts.

In response to this breach, GoDaddy will provide a free year of Website security deluxe and Express malware removal for the affected accounts. Further the company is advising users to conduct an audit their hosting accounts. The person behind this breach was also blocked from GoDaddy’s system.

According to a security service wordfence, “In the case of this breach, it appears likely that an attacker placed their public key on the affected accounts so that they could maintain access even if the account password was changed.”

According to Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic “The data breach should be a large concern for GoDaddy customers. Any authorized access using SSH accounts should not have happened if the company is using Multi-factor Authentication (MFA) or Privileged Access Management(PAM) for remote access accounts.

How to protect your account?

Before telling you the steps, it is very much important to know about Phishing. Breaches like the above mentioned can be a prime target for attackers who use phishing method to infect users.

In simple terms, phishing is an attack where the attackers send email with malicious links that appears to come from a legitimate source. Take care of these points to stay away from pihshing attack:-

  • Check E-mail address: If the source e-mail does not come from registered GoDaddy domain, it may be an attempt for phishing.
  • Close look at E-mail content: Professional email does not contain misspellings and has minimal typos.
  • Scary Messages: None of the company try to scare you through e-mails. E-mails from the company does nor ask you for the information.

Apart from these steps there are two security points that you must follow.

  • Create a strong password: Do not create password that contains your name or your site name. Always create password with random alphabets, numbers and symbols. You can use password manager if you have trouble in remembering passwords.
  • Use two-factor authentication: Using this step will add an additional layer of security to your hosting. In this method, you will need to enter code sent to your mobile or email even after entering the correct password. So it makes out hosting more secure.

Leave a Reply

Your email address will not be published.