GoDaddy is notifying affected customers that an unauthorized party was able to access hosting accounts via SSH. On April 23rd, GoDaddy discovered an altered SSH file in their hosting environment, along with “suspicious activity on a subset of GoDaddy’s servers.” The incident took place on October 19th and only affected hosting accounts. Accounts used to log into the GoDaddy website, and any information stored through it were not affected. According to the email sent to affected customers, GoDaddy has “proactively reset your hosting account login information to help prevent any potential unauthorized access.” In support of customers who have been affected, GoDaddy is offering them one year of Website Security Deluxe and Express Malware Removal for free.
Analyst Notes
Although GoDaddy was proactive in resetting passwords for affected customers, those who received the email are highly advised to audit their hosting directories for any suspicious or unusual changes to files. Regular auditing of files on web servers are a great way to protect site visitors and ensure no unauthorized changes have been made.
Source: https://www.bleepingcomputer.com/news/security/godaddy-notifies-users-of-breached-hosting-accounts/
