GoDaddy confirms an ‘unauthorized individual’ accessed 28,000 hosting accounts

Popular web hosting platform GoDaddy has admitted that 28,000 customer hosting accounts were compromised in a security breach.

According to BleepingComputer, GoDaddy recently informed customers that an ‘unauthorized individual’ had gained access to login information of the company’s hosting accounts.   

GoDaddy says that though user accounts had been accessed there was no evidence that they had been modified. It has since reset passwords of those affected. 

The company is also still advising customers to review their accounts t make sure  

It also note that only login and password information of hosting accounts were compromised while main accounts had not been breached.

The individual responsible for the breach was discovered after GoDaddy found an altered SSH file – a cryptographic protocol used in security – as well as ‘suspicious activity’ on its servers.

According to GoDaddy, the breach was discovered late last month but occurred in October 2019. As noted by BleepingComputer, GoDaddy is the world’s biggest domain registrar and a web hosting company and services about 19 million customers.

‘On April 23, 2020, we identified SSH usernames and passwords had been compromised through an altered SSH file in our hosting environment. This affected approximately 28,000 customers,’ GoDaddy said in a statement to BleepingComputer.

‘We immediately reset these usernames and passwords, removed the offending SSH file from our platform, and have no indication the threat actor used our customers’ credentials or modified any customer hosting accounts.’

GoDaddy says that it will provide customers affected with malware scanning software for a year.

As per the company: 

‘These services run scans on your website to identify and alert you of any potential security vulnerabilities. With this service, if a problem arises, there is a special way to contact our security team and they will be there to help.’