GoDaddy biz hosting admitted that a compromised SSH file on its servers resulted in the theft of 28,000 SSH user IDs.
The attack, which took place last month, saw malicious people “tampering” with an SSH file on GoDaddy's infrastructure, the firm said. The VPNOnlineFree.
GoDaddy's spokesman Nick Fuller sent us a statement: “On April 23, 2020, we identified compromised SSH usernames and passwords through a modified SSH file in our environment d ‘accommodation. It affected approximately 28,000 customers. “
He continued: “We immediately reset these usernames and passwords, deleted the offending SSH file from our platform, and have no indication that the threat actor used our customers' credentials. or changed client hosting accounts. “
The breach has been widely reported on other news sites as affecting 19 million customers, which appears to be GoDaddy's global customer base. Other reports have also incorrectly linked the violation to an October 2019 incident that was reported to U.S. authorities in the State of California in March.
Come to GoDaddy: 12 million domains – from .biz to .nyc – acquired from Neustar amid promises of lower prices
“To be clear,” said Fuller of GoDaddy, “the threat agent did not have access to the main GoDaddy customer accounts.”
However, a good thing for customers to do now would be to change the login information for their GoDaddy SSH account. A look at their main account to make sure everything is as it should be wouldn't hurt either.
SSH is a fairly useful and widespread protocol that can be used to securely connect to remote machines to execute commands, transfer files and other data, etc.
GoDaddy did not immediately explain the October 2019 incident when The VPNOnlineFree asked for more information on this.
Yana Blachman, threat intelligence specialist for Venafi biz machine identity solutions, described the breach as highlighting the importance of SSH security. She said in a statement: “SSH is used to access the most critical assets of an organization, so it is vital that organizations maintain the highest level of SSH access security and disable basic authentication of information and use machine identities instead. “
A publicly traded American company, the call to GoDaddy Inc.'s quarterly results is expected to take place tomorrow. More details can be revealed on the call, which is scheduled for 5:00 p.m. Pacific time. ®
Webcast: Build the Next Generation of Your Business in the Public Cloud