GoDaddy, the world's largest domain registrar, has disclosed a data breach impacting web hosting account credentials of 19 million customers.
The company sent emails to affected customers signed by GoDaddy CISO and vice-president of engineering, Demetrius Comes. The email says that the company recently identified suspicious activity of its servers and investigation showed that an unauthorized individual has access to users' login information used to connect to SSH on their hosting accounts. GoDaddy says it has no evidence that any files were added or modified to users' accounts. In any case, the company has reset the accounts of impacted users. GoDaddy has also recommended, "out of an abundance of caution," that users audit their hosting accounts.
The breach appears to have occurred on October 19, 2019, according to the State of California Department of Justice, with which the disclosure notification email sample was filed.
This is the second notable security GoDaddy incident to be reported within a few weeks. On March 31, journalist Brian Krebs detailed how a GoDaddy employee "had fallen victim to a spear-phishing attack," that led to the hacking of a small number of GoDaddy domain customers.