GoDaddy, one of the best-known domain registrars and hosting companies, has notified its customers about security issues and a data leak it has experienced.
The media have reported that the problem affected all 19 million customers of the company, and that the incident took place in the fall of 2019. However, The Register reports that this is not quite the case. According to the publication, what happened in October 2019 has nothing to do with the current incident, while other media report that the initial compromise took place eight months ago. So, it could be an entirely new security breach of the affected GoDaddy servers.
Back to the facts: on April 23, 2020, GoDaddy employees discovered suspicious activity. Usernames and passwords were compromised, as attackers made changes to the SSH file in GoDaddy infrastructure. In total, this problem affected approximately 28,000 customers (not 19,000,000, as some have suggested). But it was easy to make this mistake, because not all the facts related to the data breach have been released yet.
GoDaddy experts claim that they have already reset all affected usernames and passwords, removed the deliberately damaged SSH file, and have not yet found any traces that the attackers used the “leaked” credentials or changed anything. The company emphasized that it did not find evidence that any files were added or changed during the incident (however, nothing was said about viewing and downloading files).
It is emphasized that the attackers did not have access to the main customer accounts on GoDaddy.com; the incident affected only hosting accounts. However, experts still recommend that victims change their passwords everywhere. And if you still need a domain name, check out Namecheap, one of the more reliable registrars out there.