GoDaddy suffers security breach affecting 1.2 million Managed WordPress hosting customers
GoDaddy is one of the latest companies to suffer a security breach. The incident was revealed in a disclosure document filed to the Securities and Exchange Commission on Monday, confirming that up to 1.2 million customers were affected.
The attacker had reportedly used a compromised password to gain unauthorized access to GoDaddy’s provisioning system to get through to its legacy code base for its Managed WordPress hosting service.
Aside from providing its customers with domain names and offering web hosting, one of GoDaddy’s services is Managed WordPress hosting. It promises to provide users with search engine optimization (SEO) tools, malware scanning and removal, pre-built themes, and an array of WordPress plugins that customers can then use on their pages.
GoDaddy chief security information officer Demetrius Comes said the data breach was detected last Nov. 17 and that they have immediately blocked the attacker’s access. The company’s investigation, however, revealed that the unauthorized third-party access started as early as last Sept. 6.
Since the breach in September, GoDaddy found that the attacker was able to access up to 1.2 million active and inactive email addresses and customer numbers from Managed WordPress hosting users. The company warns affected customers that they could be subjected to phishing attacks due to the incident.
The breach also compromised the original WordPress Admin password used by the provisioner. But GoDaddy said passwords that were still in use at the time of the breach’s detection had been reset.
GoDaddy also confirmed that sFTP and database usernames and passwords of active customers were exposed. The company said those credentials have been reset as well at the time of disclosure.
A “subset of active customers” – but GoDaddy did not specify how many – also had their Secure Sockets Layer (SSL) private keys compromised in the breach. SSL is a commonly used internet security protocol. With SSL, data traveling from one website to another is encrypted, so anyone without the right SSL private key should be unable to access it. At the time GoDaddy announced the breach, the company said it had started providing new certificates for affected users.