The world’s largest domain registrar, GoDaddy, which has about 19 million customers, was hit by a data breach in October 2019.
On Tuesday the company confirmed the October breach, stating that an unauthorised individual had been able to access thousands of hosting accounts.
A Little Recap of this Breach
The confirmation of the data breach, in an email signed by GoDaddy CISO and vice-president of engineering, Demetrius Comes, revealed that the security incident in question came to light after suspicious activity was recently identified on some GoDaddy servers.
The breach appears to have occurred on October 19, 2019, as per the State of California Department of Justice.
The email notification stated that, upon an investigation of the incident, it was determined that an “unauthorized individual” had gained access to login credentials that meant they could “connect to SSH” on the affected hosting accounts.
SSH stands for secure shell, a network protocol used by system administrators to access remote computers.
The GoDaddy breach underlines just how important SSH security is. SSH is used to access an organisation’s most critical assets, so it’s vital that organisations hold SSH access to the highest security level: disable basic credential authentication and use machine identities instead.
This involves implementing strong private-public key cryptography to authenticate a user and a system.
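As an added illustration of that recommendation (not code from GoDaddy or from the original article), the sketch below audits the global section of an `sshd_config` for settings that still allow password-style logins. It assumes upstream OpenSSH defaults, ignores `Include` files and `Match` blocks, and the function names and sample configs are constructed for this example.

```python
import re

# Upstream OpenSSH defaults (assumption: no distro patches, no Include files).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older configs use this deprecated name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed samples, not taken from any real host.
WEAK = """\
#PasswordAuthentication no
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """\
PasswordAuthentication=no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""


def effective_settings(config_text):
    """Effective values for the global section; Match blocks are not evaluated."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break
        # sshd keeps the first value it reads for each keyword.
        if key in DEFAULTS and key not in seen and len(parts) == 2 and parts[1]:
            seen[key] = parts[1].split()[0].lower()
    return {**DEFAULTS, **seen}


def audit(config_text):
    """Return findings for settings that still permit password-style logins."""
    s = effective_settings(config_text)
    checks = [
        ("passwordauthentication", "no", "PasswordAuthentication is enabled"),
        ("kbdinteractiveauthentication", "no", "KbdInteractiveAuthentication is enabled"),
        ("pubkeyauthentication", "yes", "PubkeyAuthentication is disabled"),
    ]
    return [msg for key, want, msg in checks if s[key] != want]
```

In the `WEAK` sample the later `PasswordAuthentication no` has no effect because the first uncommented value wins, which is why a quick visual scan of a config file can be misleading.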
GoDaddy Issues a Formal Report Throwing Light on the Breach
The company’s engineering vice-president, Demetrius Comes, said that the company found no evidence of the attackers modifying or deleting any files on the affected accounts.
GoDaddy’s email said that the breach was limited to hosting accounts and did not involve customer accounts or the personal information stored within them.
All the impacted accounts’ usernames and passwords were reset. The individual did not have access to customers’ main GoDaddy accounts.
GoDaddy has also recommended, “out of an abundance of caution,” that users audit their hosting accounts.
GoDaddy Provides Free Security Services to Affected Accounts
In a notification to the affected customers, GoDaddy expressed regret that the incident occurred. It also confirmed that it will provide one year of Website Security Deluxe and Express Malware Removal at no cost.
These security and malware removal services run scans on your website to identify and alert you to any potential security vulnerabilities.
While this service is active, if a problem arises, there is a special way to contact the security team, who will be there to help.
GoDaddy Affected by Multiple Breaches over Time
This is not the first time GoDaddy has been forced to own up to cyber security failures. It has been hit by multiple major breach incidents, with a degree of regularity.
In March, KrebsOnSecurity reported that a GoDaddy employee was phished, which led to an attacker changing the DNS entries for the Freelancer-owned Escrow.com.
Two hours later, Freelancer CEO Matt Barrie said in a notice that Escrow was able to regain control of its DNS entries, and none of its systems were compromised.
On April 23, 2020, the GoDaddy team that the SSH usernames and passwords were compromised by an unauthorized individual in their hosting environment.
This access affected approximately 28,000 customers.
Back in 2017, it was forced to revoke almost 9,000 SSL certificates when a bug in its domain validation processing system resulted in certificates being issued without proper domain validation.
Later, in 2018, GoDaddy reportedly leaked data when it failed to properly lock down an Amazon Web Services Simple Storage Service (AWS S3) instance.