GoDaddy’s Chief Information Security Officer, Demetrius Comes, said that the company detected unauthorized access to its systems where customers’ WordPress servers are hosted and managed.
How Did It Happen
While the incident is still under investigation, GoDaddy said that the unauthorized person used a compromised password to get access to GoDaddy’s systems around September 6.
It is unclear if the compromised account was protected with two-factor authentication.
The breach was discovered more than a month later, on November 17.
1.2 Million Customer Accounts Affected
1.2 million active and inactive Managed WordPress users had their email addresses and customer numbers exposed. GoDaddy said that these users could face the risk of phishing attacks.
The initial admin passwords created during the installation of WordPress were also exposed.
According to GoDaddy, active customers had their sFTP credentials (for file transfers) and the usernames and passwords for their WordPress databases, which store all of the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which, if abused, could allow an attacker to impersonate a customer’s website or services.
Actions Taken
GoDaddy said it reset customer WordPress passwords and private keys and is in the process of issuing new SSL certificates.
GoDaddy made a filing with the Securities and Exchange Commission regarding this incident.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide set of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.