This is a public service announcement (PSA) from EMWD regarding a serious security incident which may impact some of our clients. On May 4, 2020, GoDaddy, a large website hosting provider, has disclosed that the SSH credentials of approximately 28,000 GoDaddy hosting accounts were compromised by an unauthorized attacker.
Here is GoDaddy's public statement:
On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers’ credentials or modified any customer hosting accounts. The individual did not have access to customers’ main GoDaddy accounts.
It seems the actual breach occurred on Oct 19th, 2019.
What Should I do?
If you are using GoDaddy's hosting service and you have been impacted by this breach, then you should be receiving some sort of communication from GoDaddy very soon.
GoDaddy has indicated they have taken efforts to mitigate the breach. However we recommend that you may consider a more security minded hosting company such as EMWD. We provide 2 firewalls to watch over our shared hosting servers. We also incorporate a real-time malware/virus scanner that scans uploaded files for malicious content. If any are found, then those files are quarantine. We also provide the use of modsecurity to guard against real time web based attacks. We also employ technology that scans our server file system for recent changes made to it.
Remember stay safe and watch over your websites and email.
Wednesday, May 6, 2020