You are currently viewing 
<span class="bsf-rt-reading-time"><span class="bsf-rt-display-label" prefix="Reading Time"></span> <span class="bsf-rt-display-time" reading_time="4"></span> <span class="bsf-rt-display-postfix" postfix="mins"></span></span><!-- .bsf-rt-reading-time -->GoDaddy Suffered a Security Breach Affecting 1.2 Million Customers: Here’s What Happened

GoDaddy Suffered a Security Breach Affecting 1.2 Million Customers: Here’s What Happened

Share the Tech Love

Gavin Phillips
2021-11-23 09:50:35

Web hosting service GoDaddy has suffered a security breach that granted an attacker access to more than 1.2 million individual customer records. The attacker accessed email addresses and customer numbers for active customers, along with sFTP and database usernames and password combinations.

Furthermore, a “subset of active customers” SSL private keys were also exposed, forcing all of those customers to remove and reinstall new certificates to prove they are who they say they are.

So, what happened? How did GoDaddy expose its WordPress customer’s data? And most important, is your data safe now?

What Happened to GoDaddy’s WordPress Users?

So, the attacker gained access to GoDaddy’s provisioning system using a compromised password. Once they gained access to the system, the attacker accessed GoDaddy’s 1.2 million active and inactive WordPress customer profiles.

According to the official SEC filing, the company “immediately blocked the unauthorized third party” from the system. However, as the attacker gained access on September 6, 2021, they had sufficient time to access a range of customer records.


The breached data includes:

  • The 1.2 million email addresses and customer numbers relating to GoDaddy WordPress users.
  • Any original WordPress Admin passwords set at the time of provisioning (when WordPress is first installed). As per the SEC filing, “If those credentials were still in use, we reset those passwords.”
  • Active GoDaddy WordPress users may have had sFTP and database usernames and passwords exposed. Again, “We reset both passwords.”
  • Finally, the SSL private key of some users was also exposed. GoDaddy is in the “process of issuing and installing new certificates” for those affected.

GoDaddy is contacting all affected users, active or inactive, directly with the specific details for their account. Aside from the reissuing and reinstallation of SSL certificates, it appears that most users are looking at a password reset. However, some users are likely to have been affected more than others.

In a statement, GoDaddy Chief Information Security Officer Demetrius Comes said:

We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.

Related: The Best Domain Name Registrars to Start Your Website

I’m a GoDaddy WordPress User. What Do I Do?

As per the above, the first thing to do is check the email account associated with your GoDaddy account. If you use or manage a WordPress site through GoDaddy, you’re likely to have received an email advising you on how to reset your password. The same email will also include more information on how your account is affected if your sFTP username and password was breached, or your SSL private key was exposed.

However, there is no indication currently that GoDaddy users hosting other sites are affected. The GoDaddy data breach only affects Managed WordPress hosting. Of course, you can head over to GoDaddy and reset your passwords and check your account if you want peace of mind.

Related: How to Change Your WordPress Website’s Password

GoDaddy Has Previous With Data Breaches

The company has had issues with data breaches and customer data previously. Back in 2018, an AWS error exposed private data hosted on GoDaddy servers, and in 2020, around 28,000 accounts were breached.

Then, there was the time that GoDaddy tested its staff against external security threats, using the phishing lure of a $650 holiday bonus. Of course, the bonus was bogus, and those who clicked the link were sent for social engineering training. Not that training and protecting your company is wrong, of course, but a massive financial bonus just before the holiday period seems harsh.

For now, GoDaddy WordPress users must keep one eye on their email account, and if you’re at all concerned, swap out your password.

The Best Web Hosting Services: Shared, VPS, and Dedicated

Looking for the best web hosting service for your needs? Here are our best recommendations for your blog or website.

Read Next

About The Author

Source Link

Leave a Reply