Even if you don't own a website, you must have heard about GoDaddy or seen one of their commercials. Go Daddy is one of the biggest and domain registration and hosting company with roughly 19 million customers around the world. Like many big companies, they too have been targeted by hackers and announced they had a data breach.
According to BleepingComputer, the breach took place on October 19th, 2019. It was discovered six months later on April 23rd, 2020, after the company's security team found a suspicious file in their hosting environment and noticed suspicious activity on a subset of GoDaddy's servers. GoDaddy notified some of its customers that an unauthorized 3rd party had used their web hosting account credentials to connect to their hosting account via SSH.
GoDaddy's Vice President for Corporate Communications gave an official statement:
"On April 23rd, 2020, we identified SSH usernames and passwords had been compromised through an altered SSH file in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed the offending SSH file from our platform, and have no indication the threat actor used our customers' credentials or modified any customer hosting accounts. To be clear, the threat actor did not have access to customers' main GoDaddy accounts."
There were also reports of successful phishing attempts to GoDaddy's support employees, which could be related to the event.
What should I do if I have a GoDaddy account?
If you have or had or don't remember having a GoDaddy account, you can check if you're account had been breached for free with Guardio's scan and keep all your emails monitored. We recommend changing the credentials for any breached account, read the full step by step guide on how to handle a data breach.