Address:
CritchCorp Computers Ltd
132 - 134 Great Ancoats Street
Manchester
M4 6DE
(Official Correspondence only)

GoDaddy breach found after 6 months

Security Breach

GoDaddy, the largest hosting company in the world, announced on the 23th April 2020 that their security was breached on the 19th October 2019.

The public announcement from GoDaddy reads:

“On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.”

If you have been affected by this breach, you would probably already been notified or will be notified soon. There are several issues with this breach. Firstly, it can be presumed that the breach affected their main operation and not one of the other companies that they own.  They own the hosteurope group of hosting companies which they bought in 2017. Host Europe includes: Heart Internet, Mesh Digital Host Europe, Webfusion, Red Coruna and Domainbox. GoDaddy has also bought up many other companies. Any of these could have been in the breach but it appears that only the main brand that is affected.

Certificate found on GoDaddy SSH server

What happened

It appears that someone managed to get their certificate in to a server. This allowed them to have access to everyones files on the server even if the affected client changed their password.

How does this affect the server

There are generally two ways to authenticate to the SSH server, through either username and password or username and certificate (private/public key). Using a certificate is very secure and the recommended way to connect as it doesn’t require the exchange of a password but uses the robist public key technology to authenticate you. In this case the attacker managed to get their certificate installed on teh server and granted access to every account on the server.

What have they done to fix it

GoDaddy said that they have removed the certificate and that there is no evidence that anything malicious had happened. That being said they did not notice that there was a problem for nearly seven months.

Alternatives

We can help if you have been negatively affected by this experiance. Get your account in the CritchCorp Computers Ltd Store. If you prefer friendly, personal assistance with your website then we can help.

Keep Safe

CrichCorp

Get secure hosting on servers with far less than 28,000 other clients.

SOCIAL MEDIA

CritchCorp Smart™

Enter your email address and keep up-to-date with the latest security news, product releases and promotional offers

Thank You, we'll be in touch soon.
CritchCorp Computers Ltd is an approved partner with Faster Britain.

© CritchCorp Computers Ltd, 2006 - 2023