Overnight, web hosting provider GoDaddy disclosed in a filing with the United States Securities and Exchange Commission (SEC) that up to 1.2 million customer accounts had been exposed in a breach, as reported by Engadget.
The intruder reached those accounts, belonging to customers around the world, through GoDaddy's Managed WordPress hosting environment, the company's hosting product for running and optimising WordPress websites on GoDaddy domains.
“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” said Demetrius Comes, the chief information security officer for GoDaddy, in a filing with the SEC.
“Using a compromised password, an unauthorised third party accessed the provisioning system in our legacy code base for Managed WordPress.”
GoDaddy has outlined what information was accessed and over what period. The intruder had access from September 6, 2021 until November 17, 2021, when GoDaddy detected the activity and cut off the access.
All of the up to 1.2 million active and inactive Managed WordPress customers affected had their email address and customer number exposed. The original WordPress admin password set when each site was provisioned was also exposed; where that password was still in use, GoDaddy has reset it. For active customers, sFTP and database usernames and passwords were exposed, and GoDaddy has reset those as well. Anyone who reused those passwords elsewhere should change them there too, since a reset on GoDaddy's side does nothing for other accounts.
GoDaddy also noted that a subset of active customers had their SSL private keys exposed. Whoever holds a site's private key can impersonate that site in TLS connections until the certificate is replaced, so the company says it is in the process of issuing and installing new certificates for the affected customers.
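The natural follow-up check for a customer in that subset is whether the certificate now served by their site was actually issued after GoDaddy cut off access on November 17, 2021. The script below is an added example, not code from GoDaddy or from the original article: it uses only the Python standard library, fetches a site's leaf certificate over TLS, and flags any certificate whose notBefore predates that cutoff. The hostname `shop.example`, the serial numbers and the two sample certificate dicts are constructed for illustration and are not real GoDaddy data.

```python
import datetime
import socket
import ssl
from typing import Optional

# Date on which, per the SEC filing quoted above, GoDaddy blocked the intruder's access.
# A certificate with a notBefore earlier than this may still use an exposed private key.
CUTOFF = datetime.datetime(2021, 11, 17, tzinfo=datetime.timezone.utc)


def _cert_time(value: str) -> datetime.datetime:
    """Convert the 'Mon DD HH:MM:SS YYYY GMT' strings from getpeercert() to aware UTC datetimes."""
    seconds = ssl.cert_time_to_seconds(value)
    return datetime.datetime.fromtimestamp(seconds, tz=datetime.timezone.utc)


def assess_cert(cert: dict, cutoff: datetime.datetime = CUTOFF,
                now: Optional[datetime.datetime] = None) -> dict:
    """Report whether a certificate (in getpeercert() dict form) was issued after the cutoff.

    issued_after_cutoff: notBefore is on or after the cutoff, i.e. the cert was (re)issued
                         after GoDaddy cut off the intruder.
    currently_valid:     'now' falls inside the [notBefore, notAfter] window.
    """
    now = now or datetime.datetime.now(datetime.timezone.utc)
    not_before = _cert_time(cert["notBefore"])
    not_after = _cert_time(cert["notAfter"])
    # subject is a tuple of RDNs, each a tuple of (type, value) pairs
    subject = dict(item for rdn in cert.get("subject", ()) for item in rdn)
    return {
        "common_name": subject.get("commonName"),
        "serial": cert.get("serialNumber"),
        "not_before": not_before,
        "not_after": not_after,
        "issued_after_cutoff": not_before >= cutoff,
        "currently_valid": not_before <= now <= not_after,
    }


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Open a verified TLS connection and return the server's leaf certificate as a dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates in the shape getpeercert() returns (not real data):
# one issued inside the intrusion window, one issued after the cutoff.
SAMPLE_OLD_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "serialNumber": "0A1B",
    "notBefore": "Sep 10 00:00:00 2021 GMT",
    "notAfter": "Sep 10 23:59:59 2022 GMT",
}
SAMPLE_NEW_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "serialNumber": "0C2D",
    "notBefore": "Nov 20 12:00:00 2021 GMT",
    "notAfter": "Nov 20 12:00:00 2022 GMT",
}


if __name__ == "__main__":
    import sys
    # Usage: python check_cert.py shop.example another.example
    for host in sys.argv[1:]:
        report = assess_cert(fetch_peer_cert(host))
        verdict = ("reissued after cutoff" if report["issued_after_cutoff"]
                   else "PREDATES cutoff: confirm the key pair was rotated")
        print(f"{host}: CN={report['common_name']} serial={report['serial']} "
              f"notBefore={report['not_before']:%Y-%m-%d} {verdict}")
```

A notBefore after the cutoff is necessary but not sufficient: a CA can reissue a certificate for the same public key if the renewal reused the old CSR, in which case the exposed private key is still in play. If you kept a copy of the old certificate, compare its public key against the new one; otherwise confirm with the host that a fresh key pair was generated.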
“Our investigation is ongoing and we are contacting all impacted customers directly with specific details,” Comes added.
GoDaddy has apologised for the breach and taken responsibility for it, saying it will learn from the incident and add further protections to its provisioning system.
As noted by Engadget, this is not GoDaddy's first breach. Last year, attackers social-engineered GoDaddy employees into handing over control of domains belonging to cryptocurrency services hosted with the company.
If you’re confused by any of this and worried about your information being compromised, you can find help here.
We’ll let you know if this story develops.