GoDaddy breach found after 6 months

GoDaddy Security breach discovered after 6 months

Security Breach

GoDaddy, the largest hosting company in the world, announced on the 23th April 2020 that their security was breached on the 19th October 2019.

The public announcement from GoDaddy reads:

“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”

If you have been affected by this breach, you would probably already been notified or will be notified soon. There are several issues with this breach. Firstly, it can be presumed that the breach affected their main operation and not one of the other companies that they own.  They own the hosteurope group of hosting companies which they bought in 2017. Host Europe includes: Heart Internet, Mesh Digital Host Europe, Webfusion, Red Coruna and Domainbox. GoDaddy has also bought up many other companies. Any of these could have been in the breach but it appears that only the main brand that is affected.

Certificate found on GoDaddy SSH server

What happened

It appears that someone managed to get their certificate in to a server. This allowed them to have access to everyones files on the server even if the affected client changed their password.

How does this affect the server

There are generally two ways to authenticate to the SSH server, through either username and password or username and certificate (private/public key). Using a certificate is very secure and the recommended way to connect as it doesn’t require the exchange of a password but uses the robist public key technology to authenticate you. In this case the attacker managed to get their certificate installed on teh server and granted access to every account on the server.

What have they done to fix it

GoDaddy said that they have removed the certificate and that there is no evidence that anything malicious had happened. That being said they did not notice that there was a problem for nearly seven months.

Alternatives

We can help if you have been negatively affected by this experiance. Get your account in the CritchCorp Computers Ltd Store. If you prefer friendly, personal assistance with your website then we can help.

Keep Safe

CrichCorp

Get secure hosting on servers with far less than 28,000 other clients.

Comment (3)

  • anon| 26 July, 2020

    I have had nothing but bad experiences with godaddy. I am using 123-reg.co.uk now. They are a bit better.

    • CritchCorp| 5 August, 2020

      Hi,

      Sorry to tell you, but 123-reg is part of Host Europe, which was bought by Go Daddy. That might be why they are only a bit better as they integrate in to the GoDaddy systems.

      For a truly superior experience try our new Feature Rich cPanel Hosting. https://store.cc-computers.com/cart.php?gid=1

      We will also have some dedicated WordPress hosting and even some FREE hosting coming soon.

      CritchCorp

  • aoefokuiso| 26 July, 2020

    I hate goDaddy anyway. This always seems to happen to companies when they get too big.
    Everyone should try to support local British businesses, like yours.

  • Leave a Reply

    Your email address will not be published. Required fields are marked *