GoDaddy breach exposes 1.2 million customer accounts

An unauthorized third party recently accessed GoDaddy’s managed WordPress hosting environment

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Thedomain registrarandweb hostingcompanyGoDaddyhas revealed that it suffered a data breach in which the user data of 1.2m of its customers may have been accessed.

In a filing with with Securities and Exchange Commission (SEC), the company’s chief information security officer Demetrius Comes explained that an “unauthorized third party” had gained access to itsmanaged WordPresshosting environment.

For those unfamiliar, WordPress is a content management system (CMS) used by millions of site owners worldwide to set up blogs and websites and like other hosting providers, GoDaddy offersWordPress hostingin addition toshared hosting,VPS hosting,dedicated serversand more.

According to GoDaddy, the unauthorized person gained access to its systems around September 6 by using a compromised password. However, it wasn’t until last week on November 17 that the company discovered the breach.

Compromised user accounts

GoDaddy’sSEC filingsays that the breach affects 1.2m active and inactive managed WordPress users who had their email addresses as well as their customer numbers exposed.

The company also said that the originalWordPress admin password, which was created when WordPress was first installed was also exposed. With this password in hand, an attacker can access a customer’s WordPress server.

GoDaddy also revealed that active customers had their sFTP credentials and the usernames and passwords for their WordPress databases, that are used to store all of their content, exposed in the breach. However, in some cases, customer’s SSL private keys were exposed and if abused, this key could allow an attacker to impersonate a customer’s website or other services. While GoDaddy has reset customer WordPress passwords and private keys, it is currently in the process of issuing them newSSL certificates.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

We’ll likely hear more regarding the details of this data breach after GoDaddy finishes conducting a full investigation into the matter.

We’ve also featured thebest data loss preventionservices andbest database software

ViaTechCrunch

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well