GoDaddy, the largest hosting company in the world, announced on the 23rd April 2020 that their security was breached on the 19th October 2019.
The public announcement from GoDaddy reads:
“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”
If you have been affected by this breach, you have probably already been notified or will be notified soon. There are several issues with this breach. Firstly, it can be presumed that the breach affected their main operation and not one of the other companies that they own. They own the Host Europe Group of hosting companies, which they bought in 2017. Host Europe includes: Heart Internet, Mesh Digital Host Europe, Webfusion, Red Coruna and Domainbox. GoDaddy has also bought up many other companies. Any of these could have been in the breach, but it appears that only the main brand is affected.
It appears that someone managed to get their certificate onto a server. This allowed them to access everyone's files on the server, even if the affected client changed their password.
How does this affect the server?
There are generally two ways to authenticate to an SSH server: with a username and password, or with a username and certificate (private/public key). Using a certificate is very secure and is the recommended way to connect, as it doesn’t require the exchange of a password but uses robust public key technology to authenticate you. In this case the attacker managed to get their certificate installed on the server and was granted access to every account on the server.
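Because an installed key keeps working after a password reset, the useful check is which keys a server will actually accept. The following is an added example (not from GoDaddy or the original post): it fingerprints every entry in an authorized_keys file and reports any that are not on an approved list. The key material, comments and approved set are constructed sample data.

```python
import base64
import hashlib
import re
import struct

# Common public-key types; the base64 blob follows the type, after any options.
KEY_RE = re.compile(
    r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(?:256|384|521))\s+([A-Za-z0-9+/]+=*)"
)

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(authorized_keys_text, approved):
    """Return (line_no, fingerprint, comment) for every key not in `approved`."""
    findings = []
    for no, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:  # an entry we cannot parse is itself worth a look
            findings.append((no, None, "unparseable entry"))
            continue
        fp = fingerprint(m.group(2))
        if fp not in approved:
            findings.append((no, fp, line[m.end():].strip()))
    return findings

def _constructed_key(seed):
    """Build a syntactically valid ssh-ed25519 entry from 32 filler bytes."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", seed * 32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed sample data: one key the owner enrolled, one nobody recognises.
OWNER_KEY = _constructed_key(b"\x01")
UNKNOWN_KEY = _constructed_key(b"\x02")
APPROVED = {fingerprint(OWNER_KEY.split()[1])}
SAMPLE = "\n".join([
    "# constructed authorized_keys file",
    OWNER_KEY + " owner@laptop",
    'no-pty,command="/usr/bin/true" ' + UNKNOWN_KEY + " unknown@host",
])

if __name__ == "__main__":
    for no, fp, comment in audit(SAMPLE, APPROVED):
        print(f"line {no}: unapproved key {fp} ({comment})")
```

Run against each account's real authorized_keys file on a schedule, a check like this reports a key nobody enrolled as soon as it appears.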
What have they done to fix it?
GoDaddy said that they have removed the certificate and that there is no evidence that anything malicious had happened. That being said, they did not notice that there was a problem for nearly seven months.
We can help if you have been negatively affected by this experience. Get your account in the CritchCorp Computers Ltd Store. If you prefer friendly, personal assistance with your website then we can help.