Somewhere around 19 million customers and 77 million domains hosted by GoDaddy may have been exposed in its latest hack, although GoDaddy only admits to 28,000 customers being affected.
GoDaddy admitted that an unauthorised party used some of its customers’ web hosting account credentials to connect to their hosting accounts via SSH (the Secure Shell protocol, which uses encryption to secure the connection between a client and a server).
The incident happened on 19 October 2019 and GoDaddy discovered it on 23 April 2020. The question is: what happened in those seven uninterrupted months? You have to expect a raft of time bombs waiting patiently to be activated.
The rather cursory GoDaddy notification is below.
Note there is no breach notice on its website! We think that is inexcusable.
Subject line of email: Security Incident Impacting Your GoDaddy Web Hosting Account
We need to inform you of a security incident impacting your GoDaddy web hosting account credentials.
We recently identified suspicious activity on a subset of our servers and immediately began an investigation. The investigation found that an unauthorised individual had access to your login information used to connect to SSH on your hosting account. We have no evidence that any files were added or modified on your account. The unauthorised individual has been blocked from our systems, and we continue to investigate potential impact across our environment.
We have proactively reset your hosting account login information to help prevent any potential unauthorised access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account.
This incident is limited in scope to your hosting account. Your main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.
On behalf of the entire GoDaddy team, we want to say how much we appreciate your business and that we sincerely regret this incident occurred. We are providing you one year of Website Security Deluxe and Express Malware Removal at no cost. These services run scans on your website to identify and alert you of any potential security vulnerabilities. With this service, if a problem arises, there is a special way to contact our security team and they will be there to help.
Again, we apologise for any inconvenience this may have caused. We have already taken and will continue to take measures to enhance our security in light of this incident. If you have any questions, or you need further assistance, please call [insert call centre number and hours of operation].
Thank you, Demetrius Comes
It is not the first time for GoDaddy
GoDaddy has been the web-hoster of choice for scammers. They have used hacked GoDaddy customer accounts to create thousands of sub-domains. These usually impersonate popular websites to steal a visitor’s identity.
GoDaddy is a low-cost web-hoster and as such any hack has a greater numerical impact. GadgetGuy noticed that a number of GoDaddy sites have been inaccessible for over a week, affecting their owners’ ability to do e-commerce.
In any case, why did it take seven months to identify the breach?