GoDaddy suffered a security breach that gave an attacker access to more than a million email addresses belonging to the company’s active and inactive managed WordPress users, according to a disclosure it filed with from the SEC on Monday.
The company claims the attacker gained access to a provisioning system (intended to automatically install and configure new sites when customers create them) in early September using “a compromised password”. GoDaddy says he noticed the intrusion on November 17 and immediately locked down the attacker before beginning an investigation and contacting law enforcement.
Hackers had access to more than just email addresses – they could also see the original WordPress administrator passwords set by the provider, as well as the credentials of active user databases and sFTP systems. The company also claims that some customers have had their private SSL keys exposed, which is responsible for proving that a website is who it claims to be (feeding into the little lock icon you often see in the address bar. of your browser).
According to GoDaddy, it works to alleviate the issues by resetting affected passwords and regenerating security certificates as necessary. The company also said it was “contacting all affected customers directly with specific details.” While these seem like appropriate steps, having to manage a reset password will likely be a nuisance for some of its users.
GoDaddy did not immediately respond to a request for comment on how the attacker gained access to the password the company said was used to gain access to its systems. His announcement, however, indicates that his investigation is ongoing.
In recent intrusions into other businesses, phishing or social engineering have been to blame (although there have also been cases of poor password security). GoDaddy itself has a pretty heartbreaking history testing its employees’ cybersecurity awareness regarding fake emails, but attackers really only need to be lucky once to gain access. to treasures of data.