GoDaddy recently announced that up to 28,000 customer accounts have been compromised by hackers.
This security incident, which occurred on October 19, 2019, was discovered at the end of last month. Specifically, on 23/4/2020.
Accordingly, GoDaddy discovered that there was an altered SSH file in its hosting environment, which operates on a subset of the servers. The incident affected about 28,000 web hosting accounts of customers.
Immediately after the discovery, GoDaddy’s security team actively investigated and actively reset the hosting account login information and sent the email notification to customers. Email content says:
- Only the username and password to access the hosting account has been compromised, this information cannot be used to access the customer’s main account.
- Affected accounts have their login credentials reset, customers need to follow GoDaddy’s instructions to regain access to their accounts.
GoDaddy also said that they did not find any evidence that the file in the compromised account was modified, customers can rest assured. Hackers have also been blocked from the system.
As compensation, Godaddy also offers a free one-year security service for Website Security Deluxe and Express Malware Removal (priced at $19.99/month and $25/month respectively).
Although the notification email did not identify the exact reason behind this incident, GoDaddy’s efforts, along with the free donation of services, show that the cause is NOT from the customer.
Last year, hundreds of GoDaddy accounts were compromised to create up to 15,000 subdomains, impersonating well-known websites to cheat customers. Previously, GoDaddy was also discovered to have put JavaScript code on the website of some customers in the US without prior permission.
