GoDaddy has admitted to BleepingComputer that 28,000 customers’ hosting accounts had been compromised in a security breach. The company notified affected users through an email that an “unauthorized individual” obtained access to their login information. It added that it found no evidence that the compromised accounts’ files had been modified in any way and that it had already blocked the unauthorized individual from its systems.
In a statement sent to the publication, GoDaddy revealed that the affected web hosting accounts had been exposed through an altered SSH file, which it has already removed from its platform to protect the rest of its 19 million users. The security incident took place on October 19th, 2019 and was discovered on April 23rd, 2020 after the company’s security team detected suspicious activity on some of its servers.
GoDaddy clarified in its statement that only the usernames and passwords used to access remotely hosted servers were compromised and that “the threat actor did not have access to customers’ main GoDaddy accounts.” It also told affected customers that their login information had been reset and that they need to take extra steps to regain access to their accounts “out of an abundance of caution.”