Published on: November 24, 2021
GoDaddy, the world’s largest domain registrar, was the victim of a cyberattack that resulted in the unauthorized access of data belonging to 1.2 million active and inactive WordPress users.
In a filing with the U.S. Securities and Exchange Commission (SEC), the Arizona-based company said that a hacker was able to gain access to its managed WordPress hosting environment on Sep. 6. The third-party gained access through a compromised password and used the password to obtain sensitive information about GoDaddy’s customers. GoDaddy did not provide any details on how the hackers gained access to the compromised password.
The hackers were able to access customers’ email addresses, which GoDaddy said may present the risk of phishing attacks. They could also see the original WordPress admin passwords set by the provisioner, along with the credentials for active users’ databases and SFTP systems. Additionally, GoDaddy said that some users even had their private SSL keys exposed, which are responsible for proving that a website is who it says it is.
GoDaddy has more than 20 million customers, with over 82 million domain names registered under its services. GoDaddy revealed that it initially discovered the breach on Nov. 17.
According to GoDaddy, it’s working to resolve these issues by resetting exposed passwords and regenerating security certificates, as needed. An investigation into the incident is still ongoing and the company added that it’s “contacting all impacted customers directly with specific details.”
This is the third security incident GoDaddy has suffered in the last 3 years — in 2018, an error exposed data on its servers, and in 2020, it suffered a breach that exposed data from over 28,000 users.
“We are sincerely sorry for this incident and the concern it causes for our customers,” Chief Information Security Officer, Demetrius Comes, said in a statement. “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”