GoDaddy forced to reset client passwords and provide a free year of web security and malware services after data breach

https://www.zdnet.com/google-amp/article/godaddy-reports-data-breach-involving-ssh-access-on-hosting-accounts/

Exploit: Unauthorized database access
GoDaddy: Domain service provider

Risk to Small Business: 1.805 = Severe: GoDaddy has reported an October data breach to California authorities after it identified an unauthorized individual operating within their platform. Although the company believes that files were not altered or modified, the company was forced to reset user account passwords and to provide a free year of its website security and malware service. It’s possible that the intruder is related to an earlier cybersecurity incident stemming from an employee who engaged with a phishing scam. The hosting platform often touts its small business services, and these organizations will now have to decide if a platform with multiple cybersecurity lapses is the best place for their digital services to reside.

Individual Risk: GoDaddy asserts that personal data was not compromised in this breach, but customers should carefully monitor their accounts for possible misuse.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident highlights the growing cybersecurity threat posed by third-party partnerships, which SMBs often rely on to power their platforms and services. To protect account security, even in the event of a third-party cybersecurity incident, companies should enact simple but effective data security standards, like enabling two-factor authentication and requiring employees to use strong, unique passwords on all accounts.

Risk Levels:

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.