GoDaddy Data Breach Affects 28,000 User Accounts
GoDaddy, the world”s largest domain registrar, has confirmed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in October 2019.
Unfortunately, the web-hosting company only discovered the breach in late April and filed a breach notice with California”s Attorney General’s Office earlier this week.
Were you a victim of a data breach? Time to find out with Bitdefender”s Digital Identity Protection tool.
An “unauthorized individual had access to your login information used to connect to SSH on your hosting account,” said Demetrius Comes, the company’s CISO. “This incident is limited in scope to your hosting account. Your main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.”
Although the breach is said to be limited to hosting accounts, excluding customer accounts and personal information, GoDaddy also reset passwords and usernames for some of their customers.The company gave no additional details of the incident, so it”s unknown how the bad actor gained access to customer login credentials. However, the cybercriminal may have managed to steal credentials or use brute force attacks to guess the password of customers.
“We have proactively reset your hosting account login information to help prevent any potential unauthorized access,” the company said. After apologizing to customers, GoDaddy pledged to provide website security and malware removal services free of charge.
“On behalf of the entire GoDaddy team, we want to say how much we appreciate your business and that we sincerely regret this incident occurred,” the company said. “We are providing you one year of Website Security Deluxe and Express Malware Removal at no cost. These services run scans on your website to identify and alert you of any potential security vulnerabilities. With this service, if a problem arises, there is a special way to contact our security team and they will be there to help.”
This is not the company”s first security incident this year. In early March, a spear-phishing campaign targeted a GoDaddy employee, leading to the threat actors gaining access to customer records. The attackers were also able to change DNS settings for some hosted websites.
For the moment, the two incidents have not been linked, and users are advised to closely monitor their accounts, making sure not to use recycled passwords.
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022
Why and how to hide your IP address while traveling
April 13, 2022
How Bitdefender Can Help Restore Your Privacy in the Digital Age
April 04, 2022
How Strong is VPN Encryption?
February 28, 2022
Top Three Ways Internet Users Unknowingly Help Cybercriminals
February 25, 2022