Popular web hosting company GoDaddy said that it has faced a data breach that puts the information of 1.2 million customers at risk. In a letter to the US Securities and Exchange Commission (SEC), GoDaddy said it “discovered unauthorized third-party access to our Managed WordPress hosting environment.”
WordPress is a web-based content management system that is used to set up websites by millions of people globally. GoDaddy has over 20 million customers around the world and allows them to host their own WordPress installs on their servers.
While the company said it found out about the incident on November 17, it believes that actors behind it began exploiting the vulnerability back in September. GoDaddy also provided some information on the compromised customer data.
Details of the GoDaddy Data Breach
Demetrius Comes, GoDaddy’s Chief Information Security Officer, said the actor used a compromised password to access its Managed WordPress hosting environment. Comes added that the hacker first gained access on September 6, 2021.
When GoDaddy found the breach on November 17, it took the assistance of an IT forensics firm and immediately started an investigation. It also notified law enforcement about the incident.
After discovering the breach, GoDaddy blocked the actor from its systems. However, the company believes that the following information about its customers has been compromised:
- The email addresses and customer numbers of nearly 1.2 million Managed WordPress customers, both active and inactive
- Their original WordPress Admin passwords set at the time of installation
- sFTP and database usernames and passwords of active customers
- SSL private keys of certain active customers
GoDaddy’s Response to the Incident
GoDaddy has warned that the email address leak could lead to phishing attacks. The company said that its investigation is ongoing and that it will contact affected customers directly with more information.
It has also taken some immediate measures to address the breach. For example, It has reset original WordPress Admin passwords that were still operational, as well as database passwords. It also stated that it will issue and install new SSL certificates to affected customers.
In the letter, Comes added that customers can contact GoDaddy via its help center. This also includes telephone numbers based on the region.
“We are sincerely sorry for this incident and the concern it causes for our customers,” said Comes.
He added, “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
If you own a small business with an online presence and are concerned about your security, check out our beginner’s guide to cybersecurity practices. It provides an overview of the cybersecurity threats you could face, as well as a list of ways to protect yourself from cyber incidents.