Web hosting giant GoDaddy has announced a data breach and warns that data on nearly 1.2 million users may have been accessed. In a filing with the Securities and Exchange Commission, GoDaddy’s chief information security officer Demetrius Comes stated that the company discovered unauthorized access to the systems where it hosts and manages its customers’ WordPress servers. WordPress is a web-based content management system used by millions to build blogs or websites.
A Compromised Password Led to GoDaddy’s Data Breach
GoDaddy lets customers host their own WordPress installs on its servers. GoDaddy stated that the unauthorized person used a compromised password to gain access to GoDaddy’s systems around September 6. GoDaddy said it found the data breach last week on November 17. It’s not clear if the compromised password was protected with two-factor authentication.
Nearly 1.2 Million Active and Inactive Users Were Affected in the Breach
The filing stated that the data breach affects 1.2 million active and inactive managed WordPress users, who had their email addresses and customer numbers exposed. GoDaddy said this exposure could place users at greater risk of phishing attacks. The web host further stated that the original WordPress admin password created when WordPress was first installed, which could be used to access a customer’s WordPress server, was also exposed.
“We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” GoDaddy’s statement said. The company said that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all of the user’s content, exposed in the data breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which, if exploited, could enable an attacker to impersonate a customer’s website or services.
GoDaddy Hosts More than 20 Million Customers Worldwide
GoDaddy said it has reset customer WordPress passwords and private keys and is in the process of issuing new SSL certificates. The web host has more than 20 million customers worldwide. Dan Race, a spokesperson for GoDaddy, declined to comment, citing the company’s ongoing investigation. As a result, the company’s shares dropped by 1.6% in early trading.