An unauthorized party used their web hosting account credentials to connect to GoDaddy hosting account via SSH.
GoDaddy is the world’s largest domain registrar and web hosting company that provides services to roughly 19 million customers around the world.
The security incident took place on October 19, 2019.
An altered SSH file in GoDaddy's hosting environment and suspicious activity were noticed on a subset of GoDaddy's servers.
Source: https://www.bleepingcomputer.com/news/security/godaddy-notifies-users-of-breached-hosting-accounts/
TPRM report: https://scoringcyber.rankiteo.com/company/godaddy
"id": "god1441301222",
"linkid": "godaddy",
"type": "Breach",
"date": "10/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Domain Registration and Web Hosting',
'location': 'Global',
'name': 'GoDaddy',
'size': '19 million customers',
'type': 'Company'}],
'attack_vector': 'Compromised Credentials',
'date_detected': '2019-10-19',
'description': 'An unauthorized party used their web hosting account '
'credentials to connect to GoDaddy hosting account via SSH. '
'GoDaddy is the world’s largest domain registrar and web '
'hosting company that provides services to roughly 19 million '
'customers around the world. The security incident took place '
"on October 19, 2019. An altered SSH file in GoDaddy's hosting "
'environment and suspicious activity were noticed on a subset '
"of GoDaddy's servers.",
'impact': {'systems_affected': ["Subset of GoDaddy's servers"]},
'initial_access_broker': {'entry_point': 'SSH Access'},
'threat_actor': 'Unauthorized Party',
'title': 'GoDaddy SSH Security Incident',
'type': 'Unauthorized Access',
'vulnerability_exploited': 'SSH Access'}