GoDaddy has informed a number of its customers that an unauthorized party has used their hosting account details to log in to their hosting account via SSH.
The security incident took place on October 19, 2019, after a security team discovered suspicious activity on a subset of the GoDaddy servers.
GoDaddy is the world’s largest domain name registrar and a web hosting provider, with approximately 19 million customers worldwide.
Resetting Hosting Account Passwords
“The investigation revealed that an unauthorized person had access to your registration data used to log into SSH on your hosting account,” GoDaddy said in a letter of notification to affected customers.
The company states that it has found no evidence that the attackers added or changed files on the hosting of the attacked accounts.
The company also assured affected users that only their hosting accounts were affected by the incident, while their main GoDaddy account was inaccessible to attackers.
“We have proactively reset the login details of your hosting account to prevent potential unauthorized access,” GoDaddy added.
Customers are also advised to check their hosting accounts to make sure everything is in order.
This incident is limited to your hosting account. Your primary GoDaddy.com account and the information stored in your account were not accessible by this threat provider. – GoDaddy
Although the wording of the notification letter does not indicate the exact cause of the incident, the GoDaddy message and the offer of free services indicate that customers are unlikely to be responsible.
“On behalf of the entire GoDaddy team, we would like to say how much we appreciate your company and that we sincerely regret this incident. We’ll give you a year’s free malware removal,” the letter says.
These services scan your website to identify and alert you to potential security vulnerabilities. Thanks to this service it is possible to contact our security team in case of a problem and they will help you.
BleepingComputer contacted GoDaddy for additional information, but had not yet received a response at the time of publication.
Previous GoDaddy Problems and Compromised Accounts
Last year, fraudsters used hundreds of compromised GoDaddy accounts to create 15,000 subdomains, some of which tried to impersonate popular websites to redirect potential victims to spam sites promoting snake oil products.
This script was used to check websites for internal bottlenecks and to collect data on connection times and page load times – called Real User Metrics (RUM) – of American customers with cPanel Shared Hosting or cPanel Business Hosting.