GoDaddy hacked! Yes, you read that right. GoDaddy, one of the leading players in the domain and hosting industry, recently admitted to a security breach.
GoDaddy is the biggest domain registrar in the world, with more than 78 million domains registered with it and 19 million customers. It has led the industry for many years and is also its most prominent advertiser.
About the issue –
GoDaddy recently admitted to a security breach in which an individual accessed data of 28,000 hosting accounts. The company emailed every one of these users about the breach and informed them that the unauthorized person had access to the SSH credentials of these accounts. GoDaddy also reported that it had no evidence of any files being compromised or of any specific changes being made to any of these accounts. It immediately reset the usernames and passwords and removed the unauthorized SSH file from the platform.
According to a GoDaddy spokesperson, the hacker did not have access to the main GoDaddy accounts of the affected customers. The incident happened in October 2019, and the disclosure came too late. The attacker probably had access to these accounts for an extended period, which is a cause of worry for the customer base. GoDaddy also stated that after changing the passwords, it made the accounts more secure, “out of an abundance of caution.”
According to information received from the California Department of Justice, the breach took place on October 19, 2019, and it was reported on May 3, 2020. The cause of worry is that the violation went unreported for more than six months. GoDaddy is issuing statements that no files were compromised, but an incident reported after six months raises a lot of eyebrows. With such a long period of access, the company's official statements that no files were accessed or changed also seem dubious.
GoDaddy provides free security services to all the affected customers –
In light of the incident, GoDaddy expressed regret and provided one year of its website security service to these customers at no extra charge. These services are known to scan websites for possible malware and malicious activity and to inform the experts well in advance of any such action. However, recent events suggest that this single step would not be enough to prevent such attacks in the future. GoDaddy needs to consider increasing data security, particularly SSH security, for all its users.
The incident also tells us about the importance of SSH security. SSH is a crucial part of the hosting industry and is used to connect to the machines hosting the websites. Companies are overlooking the protection of the way these servers are reached via SSH. There needs to be a check on the type of user connecting over SSH, as it currently allows both automated and user access. An extra layer of protection must be added to these SSH systems so that they verify the port of access, which will help prevent unauthorized access in the future.
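As an added illustration (not part of the original article and not GoDaddy's tooling), the sketch below shows one way to check the type of user connecting over SSH: it reads OpenSSH `Accepted ...` log lines and flags logins that do not fit a per-account policy. The account names, networks, policy table and log lines are all constructed for the example.

```python
import ipaddress
import re

# Hypothetical policy: which accounts are automated (key-only) or interactive,
# and which source networks each account is expected to connect from.
POLICY = {
    "deploy": {"kind": "automated", "methods": {"publickey"},
               "networks": ["203.0.113.0/24"]},
    "alice": {"kind": "interactive", "methods": {"publickey", "password"},
              "networks": ["198.51.100.0/24"]},
}

# Matches the "Accepted <method> for <user> from <ip> port <n>" line sshd writes.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed sample log (documentation IP ranges, placeholder fingerprints).
SAMPLE_LOG = """\
May  3 10:01:12 host1 sshd[2211]: Accepted publickey for deploy from 203.0.113.7 port 51234 ssh2: ED25519 SHA256:CONSTRUCTED
May  3 10:04:40 host1 sshd[2240]: Accepted password for deploy from 203.0.113.7 port 51301 ssh2
May  3 10:09:03 host1 sshd[2302]: Accepted password for alice from 192.0.2.99 port 40022 ssh2
May  3 10:11:57 host1 sshd[2319]: Failed password for root from 192.0.2.99 port 40110 ssh2
May  3 10:15:20 host1 sshd[2350]: Accepted password for alice from 198.51.100.23 port 40200 ssh2
May  3 10:20:00 host1 sshd[2399]: Accepted publickey for backup from 203.0.113.9 port 50000 ssh2: RSA SHA256:CONSTRUCTED
"""

def audit(log_text, policy=POLICY):
    """Return (user, source_ip, reason) for each successful login that breaks policy."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and unrelated lines are out of scope here
        user, method = m["user"], m["method"]
        ip = ipaddress.ip_address(m["ip"])
        rule = policy.get(user)
        if rule is None:
            findings.append((user, str(ip), "account not in policy"))
            continue
        if method not in rule["methods"]:
            findings.append((user, str(ip), f"{rule['kind']} account used {method}"))
        if not any(ip in ipaddress.ip_network(n) for n in rule["networks"]):
            findings.append((user, str(ip), "source outside allowed networks"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log, it reports the key-only account that logged in with a password, the interactive login from an unexpected network, and the account that has no policy entry.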
GoDaddy has a long history of breaches –
This is not the first time that a security breach has hit GoDaddy. The closest incident to remember happened in March, when one of GoDaddy’s employees was phished. The attacker used unauthorized information to get access to the DNS entries of the popular website escrow.com. Two hours later, the CEO of freelancer.com, which owns escrow.com, issued a statement that they had regained access to the DNS entries and prevented the attack.
Another incident took place on April 23, 2020, when an unauthorized individual accessed the SSH usernames and passwords of a lot of accounts within GoDaddy's hosting environment.
In 2017, GoDaddy surprised everyone by revoking about 9000 SSL certificates. Later, the company informed everyone that a bug in the system had made it issue all these certificates without proper domain validation.
In another incident back in 2018, GoDaddy exposed the essential credentials of tens of thousands of individuals due to an error involving Amazon AWS. This was a cloud storage configuration issue, which also caused the company a lot of short-term trouble.