GoDaddy Breach Compromised Credentials of 28,000 Customers

A breach at GoDaddy.com LLC, the domain name registrar and website hosting company, compromised usernames and passwords of approximately 28,000 of the company’s 19 million customers.

On April 17, GoDaddy discovered and began investigating suspicious activity that dated back to October, a company representative said. Six days later, GoDaddy identified affected customers and began remediation, the representative said.

GoDaddy “immediately reset the affected usernames and passwords,” which were used only by customers for accessing remotely hosted servers, rather than their main GoDaddy accounts, according to a company statement. GoDaddy has “no indication the threat actor used our customers’ credentials or modified any customer hosting accounts,” according to the statement.

The company told people whose information was compromised that the individual who gained unauthorized access to their credentials “has been blocked from our systems, and we continue to investigate potential impact across our environment,” according to a breach notification document submitted to California’s Department of Justice. “Out of an abundance of caution, we recommend you conduct an audit of your hosting account.”

To contact the reporter on this story:
Alyza Sebenius in Washington at asebenius@bloomberg.net

To contact the editor responsible for this story:
Andrew Martin at amartin146@bloomberg.net

© 2020 Bloomberg L.P. All rights reserved. Used with permission.