Web hosting giant GoDaddy on Monday disclosed that it has
faced a major data leak attack that resulted in the unauthorized access of data
belonging to a total of 1.2 million active and inactive customers, making it
the third security incident to come to light since 2018.
GoDaddy recently started notifying the customers with
email alerts, cleaning up their passwords with an algorithm that adds a series
of random numbers to any new password, and performing two-factor
authentication. The company has also disabled the possibility of setting up
accounts through legacy software, which isn't as secure as it could be.
There's no guarantee that the password scrubbing will be
enough to avoid account hacking, but the change addresses one of the biggest
security holes that led to the breach in the first place. Also, GoDaddy hasn't
seen any evidence that attackers are currently exploiting any of this data, but
it's possible they may eventually do so even without being able to see user
information.
Affected customers are being offered free identity
protection services, which should keep them safe from identity theft for a
limited set of events. The service will cover legal expenses related to dealing
with stolen identities or credit cards, but it's unclear whether it will be able
to deal with other consequences stemming from your personal information being
made public.
User data that has been breached: