GoDaddy has been notifying customers of a data breach that may have resulted in their web hosting account credentials getting compromised.
Headquartered in Scottsdale, Arizona, the Internet domain registrar and web hosting company claims to have over 19 million customers worldwide.
The company submitted a data breach notice with the California Attorney General this week, revealing that its systems were breached in October 2019.
“We need to inform you of a security incident impacting your GoDaddy web hosting account credentials,” the accompanying customer notification letter reads.
The company said it started an investigation immediately after identifying suspicious activity on a subset of servers, which revealed that “an unauthorized individual” was able to access the credentials customers use to connect to SSH on their hosting account.
“We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access,” GoDaddy says.
The unauthorized party was blocked from the company’s systems, but the investigation into the incident continues.
“We have no evidence that any files were added or modified on your account,” the web hosting provider says, but advises customers to conduct an audit of their hosting accounts.
The Internet registrar also explains that the main GoDaddy.com customer accounts were not impacted by the incident, and that the information stored within those accounts was not accessed by the hackers. Only the hosting accounts were affected.
GoDaddy is providing impacted customers with one year of premium security services, which should help them identify any potential security vulnerabilities on their websites.
“We apologize for any inconvenience this may have caused. We have already taken and will continue to take measures to enhance our security in light of this incident,” the company says.