GoDaddy Reports a Data Breach

A security incident at GoDaddy exposed data belonging up to 1.2 million WordPress customers. On Monday, the domain registrar and web-hosting company announced that an unauthorized third party had gained access to its systems by exploiting a compromised password. The intrusion started in September but was not discovered until last week.

GoDaddy has hired an IT forensics firm to investigate the incident. While the investigation is still ongoing, cybersecurity experts have determined that the unauthorized third party obtained email addresses and customer numbers from Managed WordPress customers with active or inactive accounts.

Demetrius Comes, GoDaddy’s chief information security officer, wrote in a filing on November 22 about the data breach “the exposure of email addresses presents a risk of phishing attacks.”

According to GoDaddy, the original WordPress admin passwords set at the time of provisioning were exposed. After the usernames and passwords for both the Secure File Transfer Protocol (SFTP) and the database were exposed in the security incident, GoDaddy also reset active WordPress customers’ passwords for the SFTP and database.

The unauthorized third party also gained access to the details of SSL (Secure Sockets Layer) private keys belonging to an unspecified number of active customers. For those customers, the company is currently in the process of issuing and installing new certificates.