The world's largest domain registrar, GoDaddy, with 19 million customers, has disclosed a data breach impacting web hosting account credentials.
With more than 19 million customers, 77 million domains managed, and millions of websites hosted, most everyone has heard of GoDaddy. According to Bleeping Computer, which broke the news yesterday evening, an as yet unknown number of customers have been informed that their web hosting account credentials had been compromised.
What is known so far about the GoDaddy data breach?
The confirmation of the data breach, in an email signed by GoDaddy CISO and vice-president of engineering, Demetrius Comes, revealed that the security incident in question came to light after suspicious activity was recently identified on some GoDaddy servers. The breach itself appears to have occurred on October 19, 2019, according to the State of California Department of Justice, with which the disclosure notification email sample was filed.
While HIPAA covered entities and business associates are required to investigate all security incidents, a "breach" is not determined until the entities confirm that "acquisition, access, use or disclosure of PHI in a manner not permitted [under the regulations] which compromises the security or privacy of the PHI" occurred, she notes.
Which GoDaddy accounts are affected by the breach?
Importantly, the GoDaddy email said that the breach is limited only to hosting accounts and did not involve customer accounts or the personal information stored within them. It noted that no evidence was found to suggest that any files were modified or added to the affected accounts but fell short of mentioning if files had been viewed or copied. However, all impacted hosting account logins have been reset, and the email contained the procedure customers need to follow in order to regain access to the hosting accounts concerned. GoDaddy has also recommended, "out of an abundance of caution," that users audit their hosting accounts.
However, the investigation into this incident is far from over. While the attacker has been "blocked from our systems," the email said, it also stated that GoDaddy is continuing to determine any potential impact across its environment. Information is scarce, at this stage, beyond what I've already detailed. I have reached out to GoDaddy with regard to how many customer accounts were affected and will update this article once I have an official response.
GoDaddy to provide free security services to those affected
Meanwhile, GoDaddy has said it will provide a complimentary year's worth of security and malware removal services for those customers affected, and has expressed "regret this incident occurred."
This is the second notable GoDaddy security incident to be reported within the space of just a few weeks. On March 31, former Washington Post journalist Brian Krebs detailed how a GoDaddy employee "had fallen victim to a spear-phishing attack," that led to the hacking of a small number of GoDaddy domain customers.
— Updated May 5 with comment regarding SSH from threat intelligence specialist