GoDaddy has been hacked and their customers’ accounts compromised. Many of the customers who have registered with the service as well as the ones who have had accounts for more than one year are said to be affected.
The company informed its users about the incident on its official website on April 27, which read,
Last night our security team identified a data security incident that affects a very small percentage of our user accounts. We have stopped the unauthorized access and properly deleted the data, and have also invalidated unvalidated accounts. Our investigation is ongoing and we will provide additional information as we are able.
Since there’s no official statement from the company yet, we can only assume that the breach is something serious.
The company is yet to issue a press release regarding the issue. But for now, we know that GoDaddy provides us with a basic authentication mechanism to log in to our accounts. This essentially means that the user has to input his name, email address, physical address, and a few other details to confirm the authenticity of the account.
Also Read: Social media abuse as a wake-up call for schools
Hackers have used this technique to access the details of all the affected customers. Some of the customers have been even forced to give the details such as date of birth, gender, and zip code to access their GoDaddy accounts.
Even though there’s no official explanation regarding the hacking, some of the GoDaddy customers shared with various security experts that they received a mail from the company saying they are the victims of a large-scale data security incident, as the company had lost contact with the data.
While a lot of these customers thought it is an April fool’s prank, the company was quick to inform the security experts about the incident. The officials confirmed the information from the affected customers and it was said to have been an email-based data breach, which was said to be possible from the hackers for the last 2 years.
Also Read: Reputed Android apps and the states where they are legal
The company made a statement regarding the same on its official website on April 27.
“Although the incident does not compromise the security or privacy of customers, we have taken steps to help customers address the incident. For example, we invalidated any unauthorized accounts that might have been created with the stolen information and reset customer passwords. In addition, we reset the access tokens of the people affected. We will continue to communicate with our customers and monitor for other potential issues.”
The company has also informed the users to “confront” the hackers through a series of tweets. It’s a simple step to identify the hackers by doing what the company asked.