GoDaddy reports data breach involving SSH access on hosting accounts
GoDaddy on Tuesday reported [PDF] an October data breach to Californian authorities, stating that an unauthorised individual was able to access SSH accounts used in its hosting environment.
"We have no evidence that any files were added or modified on your account," the company said while omitting evidence that files could have been viewed and exfiltrated.
"The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment."
GoDaddy said the breach did not impact the "main GoDaddy.com customer account" and that any information within that account was not accessed.
The company said it has reset passwords and would provide impacted customers with a year of its website security and malware removal service for free.
"These services run scans on your website to identify and alert you of any potential security vulnerabilities," it said.
"With this service, if a problem arises, there is a special way to contact our security team and they will be there to help."
The domain giant also said customers should audit their hosting accounts.
In February, the company reported full-year net income of $138.4 million on revenue of $2.99 billion. GoDaddy said it had 19.3 million customers as of the end of 2019.
For its fourth quarter, the company reported revenue of $780 million, made up of $352 million from domains, $293 million from hosting, and $135 million from business applications.
In March, KrebsOnSecurity reported a GoDaddy employee was phished, which led to an attacker changing the DNS entries for the Freelancer-owned Escrow.com.
Two hours later, Freelancer CEO Matt Barrie said in a notice that Escrow was able to regain control of its DNS entries, and none of its systems were compromised.
"During the incident, our security team managed to talk to the hacker on the phone. For over an hour the hacker attempted to convince what he thought were domain registry operations to regain access to the account," Barrie said.
"During this phone call, our security team learned that the route of entry was that the hacker had unlawfully accessed our registrar's internal support systems and was using them to make changes on Escrow.com's account."
Related Coverage
- Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others
- GoDaddy posts solid Q4 with Business Applications growth
- Widespread scam campaigns targeting millions uncovered by GoDaddy and Palo Alto Networks (TechRepublic)
- GoDaddy injecting site-breaking JavaScript into customer websites, here's a fix (TechRepublic)