news GoDaddy reveals widespread data breach

Domain Season · May 15, 2020

GoDaddy, the internet domain registrar and web hosting company, has reported a ‘security incident’ in which an attacker gained access to users’ SSH accounts, potentially affecting its 19 million customers.........
SC Magazine reported that the actual breach took place in October last year but was only discovered on April 23 2020 – meaning attackers had access for over half a year.

“It is astonishing that GoDaddy was unable to detect unauthorised access to SSH account credentials for about eight months," says LogRhythm Labs chief information security officer and vice president James Carder.

Full article here for those interested

https://securitybrief.com.au/story/godaddy-reveals-widespread-data-breach

WhoaDomain.com · May 15, 2020

What's SSH account again? I could Google of course but in case someone else does not know. Thanks.

Samer · May 15, 2020

Dont worry, they have so much money;

They control 80% of the market, maybe more

Sutruk · May 15, 2020

WhoaDomain.com said:
What's SSH account again? I could Google of course but in case someone else does not know. Thanks.

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

Sutruk · May 15, 2020

Domain Season said:
GoDaddy, the internet domain registrar and web hosting company, has reported a ‘security incident’ in which an attacker gained access to users’ SSH accounts, potentially affecting its 19 million customers.........
SC Magazine reported that the actual breach took place in October last year but was only discovered on April 23 2020 – meaning attackers had access for over half a year.

“It is astonishing that GoDaddy was unable to detect unauthorised access to SSH account credentials for about eight months," says LogRhythm Labs chief information security officer and vice president James Carder.

Full article here for those interested

https://securitybrief.com.au/story/godaddy-reveals-widespread-data-breach

News... from 10 days ago.

https://www.namepros.com/threads/cybersecurity-incident-again-at-godaddy.1189084/

https://www.bleepingcomputer.com/news/security/godaddy-notifies-users-of-breached-hosting-accounts/

Constantin S · May 15, 2020

No surprise, namepros members has been complaining about GD bugs & errors for years, what is some extra cybersecurity issues....

tonyk2000 · May 15, 2020

At least they reveal it. Not always the case... There are registrars around with extremely unsecure systems, and making them fix the things is a mission impossible. I wish I could post the names and all the evidence publicly, but all my professional experience /I used to work as a sysadmin before domaining

/ prompts that such an info should not be posted on public forum(s). Long story short - everybody should perform their own research before using this or that registrar - especially for critical domains, or if you are saving credit card or submit any other sensitive information to their website(s).

CraigD · May 15, 2020

WhoaDomain.com said:
What's SSH account again? I could Google of course but in case someone else does not know. Thanks.

SSH mainly has to do with hosting websites on their servers. If you are not hosting your website with them, I don't think you would have much to worry about.

Sutruk · May 15, 2020

tonyk2000 said:
At least they reveal it. There are registrars around with extremely unsecure systems, and making them fix the things is a mission impossible. I wish I could post the names and all the evidence publicly, but all my professional experience /I used to work as a sysadmin before domaining / prompts that such an info should not be posted on public forum(s). Long story short - everybody should perform their own research before using this or that registrar - especially for critical domains, or if you are saving credit card or submit any other sensitive information to their website(s).

Agree. But note that the breach was for Hosting accounts, not for Domain accounts. Just to point out the difference.

CraigD said:
SSH mainly has to do with hosting domains on their servers. If you are not hosting your domain with them, I don't think you would have much to worry about.

Hosting "websites", not "domains".

CraigD · May 15, 2020

Sutruk said:
Agree. But note that the breach was for Hosting accounts, not for Domain accounts. Just to point out the difference.
Hosting "websites", not "domains".

Cheers, I slipped there

I've fixed my original post to avoid any confusion.

WhoaDomain.com · May 15, 2020

Sutruk said:
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

isn't that just SSL? same thing? sounds like it.

tonyk2000 · May 15, 2020

WhoaDomain.com said:
isn't that just SSL? same thing? sounds like it.

SSH is a feature of an extended wehosting account and/or VPS (virtual private server) and/or dedicated server. Command line (terminal) access to website content. It has nothing to do with the domain registration by itself...

CraigD · May 15, 2020

WhoaDomain.com said:
isn't that just SSL? same thing? sounds like it.

Basically, SSH is for executing commands where SSL is for transferring information.

WhoaDomain.com · May 15, 2020

CraigD said:
Basically, SSH is for executing commands where SSL is for transferring information.

Got it. I really should have majored in technology instead of medical back in college. lol

All this tech talk might as well be Greek to me.

Thanks All @CraigD @tonyk2000 @Sutruk @Domain Season @Samer

CraigD · May 15, 2020

WhoaDomain.com said:
Got it. I really should have majored in technology instead of medical back in college. lol

I'd much rather have a medically trained person around than a techie.
We need more medical professionals!

WhoaDomain.com · May 15, 2020

CraigD said:
I'd much rather have a medically trained person around than a techie.
We need more medical professionals!

Man. I did premed. EMT. Nursing.

Let me tell you. Those people do not get paid enough for the work they do. I couldn't cut it. When my first patient died while my teacher told me to give chest compressions. I realized I wasn't cut out for it. Plus the amount of info these people need to have a working knowledge of 24/7? is mind boggling.

I am not surprised why many medical professionals end up with lawsuits.

You work double shifts? and expected to think straight and keep a working knowledge of everything you ever learn in school 24/7?

plus deal with patients and their specific necessary needs?

Ever had a "cold" and "robotic" "uncaring" doctor or nurse? Me going thru it. I get it now why they are like that.

Every medical professional should be making $1 million bucks. each.

many medical professionals who have died because of Corona I bet you weren't making Six figures.

Name Trader · May 16, 2020

Sutruk said:
Agree. But note that the breach was for Hosting accounts, not for Domain accounts. Just to point out the difference.

Hosting "websites", not "domains".

Yeah. ButGoDaddy are both the biggest Domain company, as well as the biggest Host company on the planet. And I would assume they could well be using the same developers in each company

I would never use them for Domains or Hosting because of their unfriendly policies in times of crisis, and because of all the bugs in their Domain Control Panel.

Mytz.com · May 25, 2020

Dont worry, they have so much money;

news GoDaddy reveals widespread data breach

Established Member

WhoaDomain.comTop Member

Top Member

Top Member

Top Member

Top Member

Top Member

Top Member

Top Member

Top Member

WhoaDomain.comTop Member

Top Member

Top Member

WhoaDomain.comTop Member

Top Member

WhoaDomain.comTop Member

formerly @stubTop Member

- Web: MYYM.com - Web: HOSI.com - Web: TPDN.comTop Member

Similar threads

We're social

Pinned

Appreciation

Agreement