Security breach revealed emails and passwords to GoDaddy’s 1.2 million WordPress customer site

GoDaddy recently learned that the impacts of a compromised password can be significant. The domain registrar and web hosting platform revealed on Monday that it had suffered a security breach that revealed up to 1.2 million email addresses for active and inactive managed WordPress clients, as well. as the WordPress administrator passwords for these clients.

In an announcement about the incident, which the company reported to the Securities and Exchange Commission, GoDaddy said it discovered that an unauthorized third party had gained access to its managed WordPress hosting environment on November 17, although the hacker was granted access on September 17. 6. The company explained that the source of the breach was a “compromised password”, which allowed hackers to enter the provisioning system into its legacy code base for Managed WordPress.

In addition to the 1.2 million active and inactive managed WordPress email addresses revealed, customer numbers have been exposed. Access to email addresses opens these customers to phishing attacks, GoDaddy said. Customers’ original WordPress admin passwords set at provisioning time, or when customers create their new sites, were also viewed. If the passwords were still in use by the affected customers, GoDaddy reset them.

The company said sFTP and database usernames and passwords were also compromised for active customers. These two passwords have also been reset. Meanwhile, a subset of active clients have had their private SSL key compromised, and GoDaddy is currently in the process of issuing and installing new certificates for those affected.

GoDaddy said after its discovery, it immediately began investigating the incident, enlisted the help of a third-party computer investigation company, and contacted authorities. He also blocked the hacker from his system.

“We are sincerely sorry for this incident and the concern it causes among our customers,” Demetrius Comes, the company’s chief information security officer, said in a statement, noting that the investigation is ongoing. “We, the officers and employees of GoDaddy, take our responsibility to protect our customers’ data very seriously and never want to let it down. We will learn from this incident and are already taking steps to strengthen our supply system with additional layers of protection. “

Gizmodo reached out to GoDaddy on Tuesday to request additional information on how the compromised password was obtained and to learn more about the additional steps the company is taking to protect its provisioning system. We will make sure to update this blog if we have any news.

Amanda J. Marsh