Domain registrar GoDaddy recently admitted that a security incident exposed the data of up to 1.2 million customers.
The data breach, affecting customers who use GoDaddy to host their WordPress website, occurred after an unauthorised party accessed its systems via a compromised password. The data breach began on 6th September but wasn’t detected until mid-November.
GoDaddy investigates as impact becomes clear
GoDaddy’s own investigations into the cause of this data breach are ongoing.
However, cybersecurity experts have been able to determine that the unauthorised party was able to access data including customer numbers and email addresses for both active and inactive customers who have, or previously had, a Managed WordPress hosting plan.
While an email address may seem a pretty innocuous piece of data, there is a risk that those email addresses will be targeted by phishing scams posing as either GoDaddy or WordPress to try to acquire bank details or other personal data.
GoDaddy also disclosed that the data breach exposed the original WordPress admin passwords set up when the domains were registered.
In a filing to the US Securities and Exchange Commission (SEC) on 22nd November, GoDaddy’s Chief Information Security Officer, Demetrius Comes, noted: “If those credentials were still in use, we reset those passwords.”
GoDaddy also said it had reset active WordPress customers’ passwords for the secure file transfer protocol (SFTP). This database of usernames and passwords had also been exposed in the same breach.
GoDaddy managed to block the third party from the system as soon as it became aware of the incident.
In the same SEC filing, Comes said: “On November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment.
“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.”