On Tuesday, domain registrar giant GoDaddy reported [PDF] to Californian authorities that SSH credentials for hosting accounts had been compromised: “an unauthorized individual succeeded to access the hosting accounts via SSH.”
The data breach took place on October 19, 2019, and went undetected until GoDaddy noticed suspicious activity on a subset of its servers on April 23, 2020.
The breach affected only hosting accounts, not general GoDaddy.com customer accounts, and no customer data was accessed in the main accounts. GoDaddy is the world’s largest domain registrar, managing 77 million domains; 28,000 customers were affected by the breach.
The company reported, “On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment”.
The company added, “We have no evidence that any files were added or modified on your account,” though the files could have been viewed and removed without leaving proof.
However, the company stated: “The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.”
GoDaddy reported that the “main GoDaddy.com customer account” and the information within that account were not affected by the data breach.
To keep the accounts secure in the future, all the account passwords have been reset. The company will provide the impacted users with website security and malware removal services free for a year. “These services run scans on your website to identify and alert you of any potential security vulnerabilities.”
The company also said: “With this service, if a problem arises, there is a special way to contact our security team and they will be there to help.”
The domain giant is asking users to check and investigate their hosting accounts.
In February, the company reported yearly net income of $138.4 million on revenue of $2.99 billion. GoDaddy said it had 19.3 million users at the end of 2019.
The company reported fourth-quarter revenue of $780 million, made up of:
- $352 million from domains
- $293 million from hosting
- $135 million from business applications
In March, KrebsOnSecurity reported that a GoDaddy employee had been phished. As a result, the attacker changed the DNS entries for the Freelancer-owned Escrow.com.
Freelancer CEO Matt Barrie said Escrow got back control of its DNS entries just after 2 hours, and none of its systems were compromised.
Barrie also stated:
“During the incident, our security team managed to talk to the hacker on the phone. For over an hour the hacker attempted to convince what he thought were domain registry operations to regain access to the account.”
“During this phone call, our security team learned that the route of entry was that the hacker had unlawfully accessed our registrar’s internal support systems and was using them to make changes on Escrow.com’s account.”