GoDaddy, one of the world’s largest website hosting providers, has disclosed that the SSH credentials of approximately 28,000 accounts were compromised by an unauthorised attacker. This was revealed in a breach notification submitted to the California Attorney General’s office, which says the suspicious activity occurred on some of its servers on Oct. 19, 2019.
The team has learned that an unauthorised individual had gained access to the login credentials of customers who use SSH (Secure Shell) to connect to their hosting accounts.
GoDaddy says it immediately reset these usernames and passwords, removed an authorized SSH file from the platform, and has no indication that the individual used the customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.
SSH can allow logins with either a username/password combination, or a username and a public/private key pair. In the case of this breach, it appears likely that an attacker placed their public key on the affected accounts so that they could maintain access even if the account password was changed.
The company has been advising users to conduct an audit of their hosting accounts and further said that it will provide affected users with a free year of Website Security Deluxe and Express Malware Removal, services that scan customer websites for any potential security issues.
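An account audit can start with the key-based persistence described above, by checking every entry in `authorized_keys` against the keys the owner actually issued. The following is an added example, not code from GoDaddy or the original article; the sample keys are constructed, and the `APPROVED` allowlist of fingerprints is an assumption about what the account owner keeps on record.

```python
import base64
import hashlib
import re

# [options] keytype base64-blob [comment]; options may contain quoted spaces.
ENTRY = re.compile(
    r'^(?:(?P<opts>(?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+)?'
    r'(?P<type>ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+@openssh\.com)\s+'
    r'(?P<blob>[A-Za-z0-9+/]+={0,2})(?:\s+(?P<comment>.*))?$')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the format OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text, approved):
    """Return (line_no, fingerprint, comment, options) for every entry not approved."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        try:
            fp = fingerprint(m["blob"]) if m else None
        except ValueError:  # blob is not valid base64
            fp = None
        if fp is None:
            # Never skip silently: a line the audit cannot read still needs review.
            findings.append((n, None, "unparseable entry", ""))
        elif fp not in approved:
            findings.append((n, fp, m["comment"] or "", m["opts"] or ""))
    return findings

def sample_key(seed):
    """Constructed ed25519-shaped blob for the demo, not a real key."""
    raw = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

OWNER, CI, UNKNOWN = sample_key(1), sample_key(2), sample_key(3)
SAMPLE = f"""# constructed authorized_keys content
ssh-ed25519 {OWNER} owner@laptop
from="203.0.113.10",command="/usr/bin/deploy now" ssh-ed25519 {CI} ci@build
ssh-ed25519 {UNKNOWN} backup
ssh-ed25519 not*base64
"""
APPROVED = {fingerprint(OWNER), fingerprint(CI)}  # assumed allowlist kept by the owner

if __name__ == "__main__":
    print(*audit(SAMPLE, APPROVED), sep="\n")
```

The comment field is free text chosen by whoever added the key, so the comparison is made on the fingerprint only. A password reset does not remove entries from this file, which is why it has to be reviewed separately.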