In a massive data breach, GoDaddy Inc has reported that up to 1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed. GoDaddy Inc, an internet domain registrar and web hosting company, said in a statement released on the evening of 22 November that on 17 November 2021 it discovered unauthorized third-party access to its Managed WordPress hosting environment. It went on to say that the exposure was the result of a phishing attack.
The statement adds that the initial investigation has revealed that access was gained using a compromised password, beginning on 6 September 2021.
“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Chief Information Security Officer Demetrius Comes said in a filing.
The company, whose shares fell about 1.6% in early trading, said it had immediately blocked the unauthorized third party, and an investigation was still going on.
This story corrects the second paragraph to say the incident was discovered on 17 November, not 6 September.
GoDaddy said that the original WordPress Admin password set at the time of provisioning was exposed and that, where those credentials were still in use, the company had reset the passwords.
“For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords. For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers,” said the domain registrar giant.
The statement further said that the company’s investigation is ongoing and that it is contacting all impacted customers directly with specific details.
What data was exposed in the GoDaddy security breach
According to GoDaddy, starting 6 September 2021, the unauthorised third party used the vulnerability to gain access to:
1. Up to 12 lakh active and inactive Managed WordPress customers had their email addresses and customer numbers exposed.
2. The original WordPress Admin password that was set at the time of provisioning was exposed.
3. For active customers, sFTP and database usernames and passwords were exposed.
4. For some active customers, the SSL private key was exposed.