GoDaddy is a strange name for an American Internet company, but they are well known in the US and UK as they provide Internet domain names and web hosting for more than 20 million customers worldwide.
However, the email addresses of up to 1.2 million active and inactive Managed WordPress customers were exposed in a data breach.
The company say they identified suspicious activity in the Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.
They notified the potentially affected customers that their web hosting account credentials had been compromised by an “unauthorized individual” who had gained access to login credentials that meant they could “connect to SSH” on the affected hosting accounts. SSH is an acronym for secure shell, a network protocol used by system administrators to access remote computers. SSH is, as you might imagine then, quite a useful attack vector for hackers.
Which Accounts Are Affected
The GoDaddy email said that the breach is limited only to hosting accounts and did not involve customer accounts or their personal information. It noted that no evidence was found to suggest that any files were modified or added to the affected accounts, but stopped short of saying whether files had been viewed or copied. However, all impacted hosting account logins have been reset, and the email contained the procedure customers need to follow in order to regain access to the hosting accounts concerned. GoDaddy has also recommended, “out of an abundance of caution,” that users audit their hosting accounts.
GoDaddy said it will provide security services to those affected for a year at no charge.
“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”
If you have any experiences with these scams do let me know, by email.