Web hosting giant GoDaddy on Monday disclosed that it has
faced a major data leak attack that resulted in the unauthorized access of data
belonging to a total of 1.2 million active and inactive customers, making it
the third security incident to come to light since 2018.
GoDaddy recently started notifying the customers with email alerts, cleaning up their passwords with an algorithm that adds a series of random numbers to any new password, and performing two-factor authentication. The company has also disabled the possibility of setting up accounts through legacy software, which isn't as secure as it could be.
There's no guarantee that the password scrubbing will be enough to avoid account hacking, but the change addresses one of the biggest security holes that led to the breach in the first place. Also, GoDaddy hasn't seen any evidence that attackers are currently exploiting any of this data, but it's possible they may eventually do so even without being able to see user information.
Affected customers are being offered free identity protection services, which should keep them safe from identity theft for a limited set of events. The service will cover legal expenses related to dealing with stolen identities or credit cards, but it's unclear whether it will be able to deal with other consequences stemming from your personal information being made public.
User data that has been breached: