GoDaddy has experienced a massive data breach of as many as 1.2 million accounts. According to a press release from GoDaddy’s chief information security officer Demetrius Comes, the web hosting and domain registrar first noticed the breach on Nov. 17, 2021. There was suspicious activity occurring specifically in the Managed WordPress environment, and as a result, GoDaddy involved both law enforcement and third-party security experts.
The investigation revealed the following:
Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.
Upon identifying this incident, we immediately blocked the unauthorized third party from our system. Our investigation is ongoing, but we have determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information:
Up to 1.2 million active and inactive Managed WordPress customers had their email adress and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
In an attempt to cut off the attacker and restore order to chaos, GoDaddy has implemented multiple actions following the revelation of the breach. The original admin password for WordPress that was in place at the time of the attack was changed. Additionally, active customers will find that their sFTP and database usernames and passwords have been reset due to exposure from the hacking incident. Some active customers also had SSL certificates exposed, which GoDaddy states they are in the process of replacing.
Toward the end of the press release, the company confirms that the investigation is ongoing. Additionally, GoDaddy apologizes with the following sentences that end the press release:
We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.
This is not the first time that GoDaddy has experienced a data breach, so time will tell if these are merely empty words to placate furious customers.
Featured image: GoDaddy