According to a recent filing made to the US Securities and Exchange Commission (SEC), The web hosting Giant, GoDaddy, has reported a massive data breach affecting nearly 1.2 million customers.
According to a filing with the Securities and Exchange Commission (SEC), GoDaddy has disclosed a massive data breach impacting approximately 1.2 million customers. On November 17, 2021, the company discovered the breach with “third-party access” to its “Managed WordPress hosting environment.”
GoDaddy discovered “suspicious activity” in the “Managed WordPress hosting environment” and initiated an investigation. After discovering the breach, the company contacted law enforcement and an IT forensics team.
An unauthorized third party gained access through a “compromised password,” and attackers then gained access to the “provisioning system in the legacy code base of Managed WordPress.”
GoDaddy claims it “blocked the unauthorized third party” when it was discovered, but the investigation continues. Access likely began on September 6, 2021, which is nearly two months before GoDaddy discovered the breach.
According to the filing, “1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed.”. Having email addresses stolen can increase the risk of phishing attacks, where cybercriminals send emails to trick users into divulging their other account details.
According to the filing, “the original WordPress Admin password that was set during provisioning was exposed. If those credentials were still in use, those passwords were reset.”.
“SFTP and Database usernames and passwords were compromised,” according to GoDaddy, though both passwords have been reset. Organizations and businesses use Secure File Transfer Protocol (sFTP) to access and transfer files over the network.
Finally, “the SSL private key was exposed” for some customers, and GoDaddy is “issuing and installing new certificates for those customers.” The SSL private key is crucial since it is an integral part of the website’s SSL (Secure Sockets Layer) certificate. Authentication is what connects a website to the internet.
As part of the investigation, the company is “contacting all impacted customers directly with specific information.” Customers are also encouraged to contact the company via its help center.