Web hosting giant GoDaddy® has suffered a breach affecting thousands of users, per reports of security researchers. The data breach occurred in October 2019, but was first discovered on April 23rd of this year. The company has sent an email notification to customers it believes were directly affected.
In the breach, secure shell (SSH) network protocol usernames and passwords were compromised when an unauthorized user gained access to login credentials that enabled them to connect to SSH on hosted accounts. The SSH protocol is generally used by network administrators to access remote computers.
While GoDaddy reports that it does not have indications of specific files being added or modified on web hosted accounts, existing data may have been accessed and exfiltrated. An investigation into the incident is ongoing, and additional potential impact is being assessed.
The company has sent email messages to approximately 28,000 customers it believes to be affected, and has directed users to reset their login information. GoDaddy expressed its regrets for the breach, and offered a complimentary year of malware removal and security services to those directly impacted.
- ACA recommends taking the following actions regarding the GoDaddy breach:
- Reset all account passwords with GoDaddy.
- If not already in place, implement multi-factor authentication for all GoDaddy accounts.
- Review log files for websites hosted by GoDaddy, looking for unauthorized activity.
- Conduct a code review of websites hosted by GoDaddy, looking for any potential unauthorized changes.
- If unauthorized log activity or coding changes are discovered, restore the website hosted by GoDaddy from a known good backup.
- Inform staff of the breach, and provide similar guidance regarding personal websites hosted by GoDaddy.
ACA is actively monitoring the developments related to COVID-19 and producing resources to help your firm address operational challenges created by this pandemic. Visit our COVID-19 Resources page to access all of the resources we've developed that may help your firm navigate through the restrictions in place to curb the pandemic.
How We Help
ACA offers the following solutions that can help firms enhance their cybersecurity in light of the announced Apple iPhone and iPad email vulnerability:
- Free online cybersecurity training
- Phishing testing and cyber awareness
- Penetration testing and vulnerability assessments
- Threat intelligence
- Cyber incident response planning
If you have any questions, please contact your ACA Aponix consultant or email us at firstname.lastname@example.org.