GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data

Web hosting giant GoDaddy recently reported a data breach that impacted over 1 million customers, according to a filing with the US Securities and Exchange Commission. The breach resulted in unauthorized access to data belonging to both active and inactive customers. This is the third security incident at the company to come to light since 2019.

The company has over 20 million customers worldwide, with more than 82 million domain names registered through its services.

The malicious third party was able to gain access to the Managed WordPress hosting environment on September 6, possibly by using a compromised password. This access was then used to obtain sensitive customer information. It has still not been revealed whether the compromised password was protected by two-factor authentication.

The company's statement says that it immediately blocked the third party from the system. The investigation is still ongoing, but the company's shares fell about 1.6% in early trading.

The following customer information was exposed in the attack:

  • Email addresses and customer numbers of 1.2 million active and inactive Managed WordPress customers.

This exposes those customers to phishing attacks on their email addresses. It also enables attackers to breach vulnerable WordPress sites, upload malware, and access other personally identifiable information stored in them.

  • The WordPress admin password that was set at the time of provisioning.
  • sFTP and database usernames and passwords for active customers.
  • The SSL private key for a subset of active customers.

According to Wordfence's Mark Maunder, “GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices.”

The company filing also said: “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

Growth in cyber-crime incidents

Experts believe that the growth in cyber security incidents can be traced to the pandemic, which pushed more users onto the internet and in turn led to more hacking incidents across the globe.

Latest update on the issue

A data breach, especially at a web hosting company, can be much worse than the company is prepared to admit, because multiple subsidiaries of the company’s Managed WordPress services, including 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost, have been found to be affected.

Although GoDaddy said that only a small number of inactive Managed WordPress users have been found to be affected, it is still possible that additional users may have had their sensitive data exposed in the wake of this security incident.

Remediation plan

The company has further stated that customers whose exposed credentials are still in use have been asked to reset them. The same step has been taken for sFTP customers. For customers with exposed SSL private keys, the company has issued and installed new certificates.

As a precautionary measure, the company will be bolstering its provisioning systems with added security protections.

The investigation is still ongoing, and the company is planning to contact customers directly with specific details. The company can also be reached through its help center at https://www.godaddy.com/help, which lists phone numbers by country.