Domain registrar and web-hosting firm GoDaddy disclosed on Tuesday a data breach that impacted web hosting account credentials of some customers.
In a letter sent to some customers [pdf], the company said that the security incident, which happened in October 2019, enabled an unauthorised individual to access some customers' login information that is used to connect to SSH on their hosting account.
The breach was discovered after the security team spotted suspicious activity on some of the company's servers.
The company assured customers that the breach did not impact "main customer accounts," and there was no evidence to suggest that hackers added or modified any files on affected accounts.
The web-hosting firm has blocked the unauthorised individual from its systems and has also reset hosting account login information of affected users to prevent any potential unauthorised access in future.
The company is also offering one year of Express Malware Removal and Website Security Deluxe service at no extra cost to affected users.
Customers can use these services to scan their website for any potential security threats.
The potential impact of the security incident is currently being investigated, the company stated.
This is, however, not the first instance of a security incident exposing sensitive details of customers to cyber criminals. Last year, hackers used hundreds of stolen credentials for GoDaddy accounts to create nearly 15,000 subdomains to redirect potential victims to malicious websites.
In March, security firm KrebsOnSecurity revealed an incident in which hackers targeted GoDaddy through spear-phishing emails and were able to modify the DNS entries for the Freelancer-owned Escrow.com.
In 2018, UpGuard Cyber Risk Team uncovered a security breach in which an unsecured Amazon Web Services (AWS) S3 bucket resulted in the leaking of GoDaddy's internal systems data. UpGuard gave GoDaddy a chance to plug the leaks, but after five weeks, it disclosed the breach publicly after GoDaddy failed to secure its confidential data.