GoDaddy Reports Data Breach on SSH Accounts Used in its Hosting Environment

Godaddy Data breach

GoDaddy reported to Californian authorities on Tuesday [PDF] an October breach of data indicating that an unauthorized person might access the SSH accounts used in his hosting system. Start using free ssh vulnerability scanner online to prevent from hacker.

“We have no evidence that any files were added or modified on your account,” the company said while omitting evidence that files may have been accessed or exfiltrated.

“The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment,”

GoDaddy confirmed that the intrusion did not affect the main customer account. No information was obtained in that account.

The company has reset passwords and provides affected customers with free protection and malware removal services during the year of its website.

“These services run scans on your website to identify and alert you of any potential security vulnerabilities,” it said. “With this service, if a problem arises, there is a special way to contact our security team and they will be there to help.”

The domain giant also advised clients to check their hosting accounts.

In February, the company reported $138.4 million in net sales for the full-year span of $2.99 billion. GoDaddy said that by the end of 2019, it had 19.3 million customers.

The company posted $780 million in revenue for its fourth quarter, composed of $352 million in domains, $293 million in hosting, and $135 million in business applications.

In March, KrebsOnSecurity announced that a GoDaddy employee had been phished, prompting an intruder to alter DNS entries to, a freelancer service. Get to know about godaddy malware removal here.

Two hours later, Freelancer CEO Matt Barrie announced that Escrow could re-control its DNS entries and that none of its systems was affected.

“During the incident, our security team managed to talk to the hacker on the phone, and for more than an hour, he tried to persuade him to retrieve domain registry operations,” Barrie said.

“Our security team found during this phone call that the entry route was that the hacker illegally manipulated internal support systems in our registrar and used them to make changes in the account.”

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.