If you have a domain through GoDaddy, you might want to take a minute to reset your password and PIN and enable two-factor authentication if you haven’t already. The domain registrar and web hosting company has been hacked, says Threatpost. According to the California Attorney General, GoDaddy submitted the breach report on May 3 – just three days ago – but the breach itself happened in October 2019.
Speaking with Threatpost, Chris Clements, vice president of solutions architecture at Cerberus Sentinel, said it’s possible that the attacker had access to customer accounts for around seven months before they were discovered. “GoDaddy should provide more information into the investigation and evidence to support this claim as well as explain why it took almost half a year to detect,” Clements said.
GoDaddy did provide some clarification to Gizmodo. In a statement, the company said that it found an unauthorised SSL (a networking protocol that makes a secure connection between web clients and web servers over an insecure network) while performing security updates. An internal investigation launched immediately afterward determined the original date of the breach to be sometime in October 2019.
The company was able to figure out which customers were impacted by the breach on April 23, and then immediately reset the usernames and passwords of those customers. GoDaddy also said that it had “no indication the individual used our customers’ credentials or modified any customer hosting accounts.” The hacker did not gain access to customers’ main GoDaddy accounts, according to the company.
GoDaddy sent out a form email to affected individuals, stating:
“The investigation found that an unauthorized individual had access to your login information used to connect to SSH on your hosting account. We have no evidence that any files were added or modified on your account. The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment.”
SSH, or Secure Shell, is used for operating network services securely over an unsecured network, like accessing your work’s network from home. In this case, someone was able to gain access to personal account credentials of an unknown number of customers that would have allowed that person to log in to their accounts and potentially access stored credit card numbers or other sensitive information.
As required by California Civil Code s. 1798.29(e) and California Civil Code s. 1798.82(f), “Any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification.”
According to GoDaddy, the breach affected 28,000 customers. California law requires all companies to notify every single one of their customers if there’s even the possibility their personal information was compromised.
The form that GoDaddy would have had to fill out has sections for “Date(s) of Discovery of Breach” and “Date(s) Individual Notice Provided to Consumers,” but again, if you look at what was submitted, that information is missing, which could have caused some of the original confusion in other reports of the breach. Whether or not you got a notice of breach from GoDaddy, if you’re a customer, it would be smart to update your account credentials now.