New GoDaddy data breach impacted 1.2 million customers

GoDaddy suffered a data breach that impacted up to 1.2 million of its managed WordPress customer accounts.

GoDaddy discloses a data breach that impacted up to 1.2 million of its customers, threat actors breached the company’s Managed WordPress hosting environment.

Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17.

“On November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment.” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.”

The intruders used a compromised password to access the provisioning system in the company’s legacy code base for Managed WordPress.

Once identifying the intrusion, the company immediately locked the unauthorized third party out of its system.

The investigation revealed that attackers exploited a vulnerability to gain access to the following customer information:

Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords
For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.

The investigation is still ongoing and the company is notifying the impacted customers.

The attackers were able to access the above GoDaddy customer information using the compromised password.

This isn’t the first data breach suffered by GoDaddy, in May 2020 the company revealed attackers have compromised users’ web hosting account credentials. The hosting provider submitted a data breach notice with the California Attorney General and revealed that the intrusion took place in October 2019.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.