GoDaddy has revealed that it experienced a security breach. In disclosures to the Securities and Exchange Commission, the web hosting company said that the breach happened on September 6, 2021. During the breach, ‘unauthorized third party had gained access to information of WordPress users. The company said that data of around 1.2 million Managed WordPress customers may have been accessed. WordPress is a web-based content management system that is used by millions of bloggers and websites owners across the world. GoDaddy customers are allowed to host their own WordPress installs on their servers. In a filing with the SEC, GoDaddy’s chief information security officer Demetrius Comes said that a third party used a compromised password to get access to GoDaddy’s systems. However, GoDaddy was unaware of the breach for almost a month. It got to know about the hack only last week on November 17. The breach was found when the company noticed that someone was accessing its Managed WordPress hosting environment. WordPress is an open-source content management system that lets users develop a website very easily. The company has not shared any details about whether the compromised password was protected with two-factor authentication or not. The data breach has affected 1.2 million customers, both active and inactive users. Email addresses and mobile numbers could have been exposed in the data breach.
The customers whose emails were exposed could be at risk of phishing attacks. Under this, hackers trick users to click on links sent via email that can deploy malicious software in their systems. Hackers also trick users into sharing their sensitive information. The company also said that the original WordPress admin password was also compromised in the breach. The original password is created when WordPress is first installed. Access to this password can be used to access the servers of WordPress customers. According to GoDaddy, FTP credentials along with login details of the WordPress databases of the active customers were also exposed in the breach. WordPress database stores all the content of users. What is more worrying is that the SSL (HTTPS) private keys of some customers were also exposed. Attackers can abuse this to impersonate websites or services of customers. After noticing the breach, the company has reset WordPress passwords a private keys of customers. GoDaddy is also in the process of issuing new SSL certificates. The company started an investigation immediately after the breach came to its notice. It has contacted law enforcement agencies. The company is also reaching out to customers to address their concerns. The company has also asked customers to directly get in touch with them through an online help center in case of any difficulty or queries related to the breach.
“We are continuing with our investigation and as part of it, the company is contacting customers. We will definitely learn from this data breach. We are already working on strengthening our provisioning system and adding an additional layer of securities,” Comes said. Comes has also apologized for the problem that customers could face because of this data breach. “We are sincerely sorry. This is an unfortunate incident. It may cause concerns in the minds of our customers. Leadership and employees of GoDaddy take full responsibility to protect our customers. We never wanted to let them down.” There has been a surge in the number of incidents related to data breaches in the recent past. Several companies have reported security breaches of late. Recently, Robinhood faced the same issue when hackers managed to access the personal information of around 7 million customers. Hackers even demanded a ransom payment. Earlier in August, around 100 million wireless customers of T-Mobile were affected by the data breach. These incidents have seen a surge after the onset of the coronavirus pandemic. Law enforcement agencies have warned big companies to be extra cautious. They also asked them to report immediately if they find anything suspicious.