View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Domain Registrar GoDaddy Admits to a Data Breach From October

All affected account holders have had their details reset and the threat actor has now been blocked from the system.

By claudia glover

Online hosting company GoDaddy admits to a data breach that left thousands of accounts open to a threat actor in October 2019.

A court document outlining the malicious activity was made available to affected customers by GoDaddy CISO and engineering VP Demetrius Comes.

The document noted: “We recently identified suspicious activity on a subset of our servers and immediately began an investigation. The investigation found that an unauthorised individual had access to your login information used to connect to SSH on your hosting account.

Read This! Marriott International Cites Insurance to Downplay Data Breach

“We have no evidence that any files were added or modified on your account. The unauthorised individual has been blocked from our systems, and we continue to investigate potential impact across our environment”.

According to Comes, all affected account holders have had their details reset and the threat actor has been blocked from the system.

Founded in 1997, GoDaddy is a leading domain registrar and web hosting company, providing services for site owners, bloggers and businesses.

Not GoDaddy’s First Breach

The web hosting service is fairly accustomed to data breaches; in 2018 the company attracted media attention when an Amazon Simple Storage Service (AWS S3) bucket was not locked down properly resulting in user data being leaked.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

In 2017, the company retracted up to 9,000 secure socket layer (SSL) certificates, used to encrypt online data transfers such as credit card transactions, after a bug resulted in certificates being issued without appropriate domain validation.

Threat intelligence specialist at Venafi Yana Blachman explained the breach further: “The GoDaddy breach underlines just how important SSH security is. SSH is used to access an organisation’s most critical assets, so it’s vital that organisations stick to the highest security level of SSH access and disable basic credential authentication, and use machine identities instead. This involves implementing strong private-public key cryptography to authenticate a user and a system.

“Alongside this, organisations must have visibility over all their SSH machine identities in use across the data centre and cloud, and automated processes in place to change them. SSH automates control over all manner of systems, and without full visibility into where they’re being used, hackers will continue to target them”.

Don’t Leave Before You’ve Read This! NHS Seeks Purchasing Framework to Replace “Outdated” Pager System

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.