Hosting solutions giant, GoDaddy announced that they have detected unauthorized third-party access. The company stated that attackers breached GoDaddy’s Managed WordPress hosting environment. The company filed a report with the Securities and Exchange Commission.
Email addresses and admin passwords
GoDaddy announced that after they identified the suspicious activity, it started an investigation with an IT forensics firm and informed law enforcement. The third party managed to access the provisioning system in the legacy code base by using a compromised password.
The unauthorized third party is blocked from the system after the investigation. The incident happened on 6 September and the investigation revealed that a third party used a vulnerability to gain access to the customer information:
- Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
- The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.
- For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
- For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.
Demetrius Comes, Chief Information Security Officer of GoDaddy said,
“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”