New GoDaddy data breach impacted 1.2 million customers

GoDaddy suffered a data breach that impacted up to 1.2 million of its managed WordPress customer accounts.

GoDaddy discloses a data breach that impacted up to 1.2 million of its customers, threat actors breached the company’s Managed WordPress hosting environment.

Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17.

“On November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment.” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.”

The intruders used a compromised password to access the provisioning system in the company’s legacy code base for Managed WordPress.

Once identifying the intrusion, the company immediately locked the unauthorized third party out of its system.

The investigation revealed that attackers exploited a vulnerability to gain access to the following customer information:

• Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
• The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords
• For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
• For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.

The investigation is still ongoing and the company is notifying the impacted customers.

The attackers were able to access the above GoDaddy customer information using the compromised password.

This isn’t the first data breach suffered by GoDaddy, in May 2020 the company revealed attackers have compromised users’ web hosting account credentials. The hosting provider submitted a data breach notice with the California Attorney General and revealed that the intrusion took place in October 2019.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]