GoDaddy, one of the worlds largest domain registrars has confirmed a data breach which they did not discover for 7 months.
In a statement, GoDaddy confirmed that an “unauthorised individual” was able to access users login details in an intrusion which the company said took place in October 2019. They did not confirm for how long the attacker had access to the data.
The data breach is estimated to have affected around 28,000 hosting account customers. Affected customers have had their hosting account login passwords reset.
However, many customers may have poor password hygiene and will have reused their GoDaddy passwords across other websites, so it’s important that any affected users change their passwords on other sites as well, if this is the case.
It is still unclear whether or not this data breach is the result of the reuse of previously stolen credentials or simply a brute force attack.
It is imperative that people understand why it is so important to use unique passwords for each website that they log into.