If you’re a GoDaddy customer of some description, be it you host a website or email, you have been pwned by hackers. Bleeping Computer broke the news last night that up to 19 million customers, which is their entire customer base, have been informed that their web hosting account credentials had been compromised. The breach appears to have occurred on October 19, 2019, according to the State of California Department of Justice, with which the disclosure notification email sample [Warning: PDF] was filed.
Now here’s what you need to know:
- The breach is limited only to hosting accounts and did not involve customer accounts or the personal information stored within them.
- No evidence was found to suggest that any files were modified or added to the affected accounts.
- It is not clear if data was copied.
- GoDaddy will provide a complimentary years’ worth of security and malware removal services for those customers affected/
Now chances are that if you are affected, GoDaddy will have forced a password reset which you will have to go through to get access to your account again. But if I were you, if you are a customer of GoDaddy, I would reset your password anyway.
Meanwhile, GoDaddy has some explaining to do. Hopefully in front of a national government or two so that they are held fully accountable for anything that they might have done to contribute this situation.