Daddy’s breached! Is your data in it?

GoDaddy discovered a data breach where data belonging to 1.2 million WordPress customers was exposed on 17th November 2021.

The company claims to have had unauthorized third-party access on Monday. It gained access to GoDaddy’s systems through a compromised password and exposed email addresses and customer numbers.

Demetrius Comes, GoDaddy’s chief information security officer claimed in his statement to US Securities and Exchange Commission that this unauthorized access was discovered on November 17, 2021, in GoDaddy’s Managed WordPress hosting environment.

GoDaddy security breach: what data is at risk?

On September 6, 2021, an unauthorized third party exploited the vulnerability to gain access to:

1. 12 lakh active and inactive Managed WordPress customer numbers and email addresses.
2. Original WordPress Admin passwords (Exposed during the provisioning process)
3. Passwords and usernames for sFTP and databases of active customers.
4. SSL private keys of some active customers.

GoDaddy’s data breach: how can it affect its users?

Despite no reports of an incident exploiting this data breach, users should still be worried that attackers can use SSL (Secure Socket Layer) credentials to mimic legitimate companies’ domains as part of a larger credential theft attack or even to spread malware.

Concerns also include the possibility of blackmailing businesses, MITM (Man in the Middle) attack, and hijacking domain names.

How is GoDaddy resolving this issue?

A team of IT forensics experts, hired by GoDaddy is currently investigating the incident. The cyber specialists reported that the unauthorized party gained access to WordPress customers’ data on 6^th September 2021 but, the breach was detected last week.

Moreover, once the breach was identified, the intruder was blocked from GoDaddy’s entire system.