Global Web Hosting Company GoDaddy Reports Data Breach – Security
Since September, hackers have accessed the usernames, passwords, email addresses and SSL private keys of GoDaddy customers by compromising their managed WordPress hosting environment.
The US-based Internet domain registrar and web hosting company said an unauthorized third party accessed GoDaddy’s provisioning system in its legacy codebase for Managed WordPress using a compromised password .
The adversary began exploiting the vulnerability on September 6 and GoDaddy discovered the unauthorized access on November 17, according to the company.
“We are sincerely sorry for this incident and the concern it is causing our customers,” Demetrius Comes, information security officer at GoDaddy, said in a statement. “We, the management and employees of GoDaddy, take our responsibility to protect our customers’ data very seriously and never want to let them down.
GoDaddy’s stock fell $3.15 (4.42%) to $68.16 per share in trading Monday afternoon.
Hackers used the compromised password to gain access to email addresses and customer numbers of up to 1.2 million active and inactive managed WordPress customers. Exposing email addresses poses risks for phishing attacks, according to GoDaddy.
Additionally, a subset of active customers had their SSL private key exposed. GoDaddy said it is in the process of issuing and installing new certificates for these customers. Active customers, meanwhile, had their sFTP and database usernames and passwords exposed, and GoDaddy reset both passwords.
Additionally, GoDaddy said the original WordPress admin password set at the time of provisioning was exposed. If those credentials were still in use, GoDaddy said it reset those passwords.
GoDaddy said it contacted law enforcement and investigated the breach with the help of a computer forensics firm.
After identifying the attack, GoDaddy said it immediately blocked the unauthorized third party from its system. GoDaddy said its investigation is still ongoing, noting that it has contacted all affected customers directly with specific details.
“We will learn from this incident and are already taking steps to strengthen our supply system with additional layers of protection,” Comes said.