GoDaddy detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers.
The Scottsdale, Arizona-based web registrar and hosting firm GoDaddy has disclosed that it suffered a data breach in which the personal details plus login of up to 1.2 million active and inactive customers were accessed by an “unauthorized third party.”
The world’s leading domain name registering platform, GoDaddy, boasts of more than 20 million customers, which makes cyberattack on this organization a high-profile feat.
1.2 million WordPress sites at risk
In a letter to the Securities and Exchange Commission (“SEC”) on November 22nd, the company revealed that it discovered unauthorized third-party access to its active and inactive Managed WordPress hosting environment on November 17th.
After a detailed analysis, it identified that the breach allowed the unauthorized third party to access the following information:
- SSL private key
- Email addresses
- WordPress Admin password
- sFTP and database usernames and passwords.
Although it is unclear whether the stolen passwords were in plain-text format or in a format that can be easily cracked into plain-text, the company has already reset the passwords. Those who are yet to change their passwords are being urged to do so right now.
According to the letter, GoDaddy believes that originally, the data breach took place on September 6th, 2021. However, it was only discovered on November 17th.
Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress. Upon identifying this incident, we immediately blocked the unauthorized third party from our system, GoDaddy said.
Demetrius Comes, Chief Information Security Officer at GoDaddy said that the company has reset passwords for WordPress Admin, sFTP, and database. Yet, customers should watch out for phishing scams as hackers may attempt to take advantage of the situation for further attacks.
Comes also apologized to the affected customers and said that investigation is ongoing with the help of an IT forensics firm and contacted law enforcement.
GoDaddy and previous data breaches
This is not the first time when GoDaddy has suffered a data breach or put the personal data of its customers at risk. In 2018, a misconfigured Amazon S3 bucket owned by the company exposed sensitive data on 31,000 GoDaddy servers.
In April 2020, a hacker defaced the Escrow.com domain by hacking into the account of one of GoDaddy’s employees. The employee fell for a phishing scam after which stolen login credentials were used to conduct DNS spoofing against the Escrow domain.
In May 2020, GoDaddy announced another data breach in which an unknown number of web hosting account credentials were affected when hackers managed to access their SSH accounts. For your information, SSH also known as Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network.
In November 2020, GoDaddy admitted that hackers tricked its employees into obtaining access to their customer accounts and exploited them in attacks against two cryptocurrency firms, namely NiceHash and Liquid.
In their statements, both services stated that the attackers breached their internal systems after obtaining control of their accounts through tricking GoDaddy employees.
While discussing the latest cyber attack on GoDaddy, Geoff Bibby, CMO of Zix | AppRiver said that “Unfortunately, the data breach that has impacted GoDaddy is becoming a common occurrence for many companies.”
“Organizations that handle massive amounts of customer data are increasingly being targeted by cybercriminals hoping to access the incredibly sensitive and valuable information they possess,” said Geoff.
“To prevent a data breach like this, organizations need to implement two-factor authentication (2FA), which provides an extra layer of security by making users confirm their identity and leverage end-to-end email encryption for any messages containing confidential or personally identifiable information, Geoff suggested.”
Geoff advised that GoDaddy should also encourage customers to implement 2FA themselves and never reuse the same password on different services because if the service is compromised, attackers will try that same password for others.