Go Daddy have confirmed a data breach which affects 28,000 customers

If you’re currently using Go Daddy as your website hosting provider, you should be looking at the security of your account, particularly if you have received a notification email advising your account could have been compromised. 



Go Daddy Data Breach - What you need to know


As you may have already seen by now, Go Daddy have suffered a major data breach which they believe will have affected approximately 28,000 of their customers. What is also concerning, and is often the case with data breaches, is how long it has taken for this issue to have been identified. The security incident occurred on  the 19th October 2019 and was finally discovered on the 23rd April 2020, 6 months later.

In a statement made to Bleeping Computer, Go Daddy confirmed:

On April 23, 2020, we identified SSH usernames and passwords had been compromised through an altered SSH file in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed the offending SSH file from our platform, and have no indication the threat actor used our customers’ credentials or modified any customer hosting accounts. To be clear, the threat actor did not have access to customers’ main GoDaddy accounts.

Go Daddy

I use Go Daddy for Web Hosting & Domains, what should I do?


Well even though Go Daddy advised in their statement that they have no indication the threat actor has been used on customers’ credentials, we would still advise extreme caution.

In any data breaches such as this, issues tend to surface after the event and hackers will use this latest data breach in a multitude of ways. One common technique used by hackers is to target customers after a major breach with phishing emails. These will typically say things like “Please change your Go Daddy password now!” and will look as if they are being sent by Go Daddy themselves. When you click through however, the hackers will have created a believable landing page which looks just like the Go Daddy site for you to login to. When you do this, they have captured your actual username and password.

There is also the prospect of more personal information ending up on the Dark Web from the compromised accounts. This may include usernames and passwords used which can be used by hackers to attempt to login to other accounts where you use the same password. This is why it is vitally important that you do not use the same password for more than one account.

Go Daddy are also offering customers their Website Security Deluxe and Express Malware Removal at no cost, so if you are to continue to use them as a provider, we would strongly advise utilising these tools to offer some additional protection.