GoDaddy disclosed a data breach in which data of up to 1.2 million customers were exposed when the hackers gained access to the company’s Managed WordPress hosting environment.
GoDaddy discovered the incident last Wednesday, on November 17, but the attackers had access to its network and the data contained on the breached systems since at least September 6, 2021.
GoDaddy is one of the world’s largest domain registrars and a web hosting company providing services to more than 20 million customers worldwide.
Demetrius Comes, Chief Information Security Officer of GoDaddy stated that they identified suspicious activity in their Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.
The unauthorized third party accessed the provisioning system in the legacy code base for Managed WordPress using a compromised password.
The investigation process is ongoing and all impacted customers are contacted directly with specific details.
The attackers managed to access the following GoDaddy customer information using the compromised password:
- Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
- The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, those passwords were reset.
- For active customers, sFTP and database usernames and passwords were exposed. Both passwords have been reset.
- For a subset of active customers, the SSL private key was exposed. The company is in the process of issuing and installing new certificates for those customers.