IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

GoDaddy data breach exposes over 1.2 million customer details

Attacker had access to admin passwords for over two months

The GoDaddy website displayed inside a magnifying glass hovering over a browser window

Hosting company GoDaddy has said that around 1.2 million users have been affected by a data breach on its managed WordPress hosting service.

The hack is said to have exposed email addresses, customer numbers, administrative login credentials, and in some cases SSL private keys.

The hosting company discovered that an intruder had gained access to its managed WordPress hosting environment on Nov 17, it said in a filing with the SEC. The intruder used a stolen password to access the provisioning system for the service.

Up to 1.2 million active and former users of the company's managed service had their email addresses and customer numbers exposed, the company said, raising the possibility of further phishing attacks to come. The original administrative passwords for the managed WordPress accounts were also available to the hacker, putting the accounts themselves at risk if the credentials were still in use.

Also exposed were sFTP and database usernames and passwords, and an undisclosed number of users also had their SSL private keys exposed.

Related Resource

Protecting every edge to make hackers’ jobs harder, not yours

How to support and secure hybrid architectures

White square with whitepaper title on top of a background image of a building and pavementFree download

GoDaddy discovered that the intruder had been inside the system since September 6, meaning that the hacker has had access to the data for over two months. It worked with a forensics company upon discovering the incident, and has taken steps to safeguard its systems, including changing original administrative passwords that were still in use, resetting sFTP and database passwords, and installing new digital certificates for affected customers.

"We are sincerely sorry for this incident and the concern it causes for our customers," the company said in its filing. "We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection."

In 2017, the company revoked thousands of SSL certificates after issuing them without proper checks and authorization. In January 2019, an independent researcher found a vulnerability in its process for handling DNS change requests that enabled hackers to hijack domains and create phishing campaigns. It also notified customers of a hack that exposed SSH login details in the same year.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Most Popular

Warning issued over ransomware attacks targeting VMware ESXi servers globally
cyber attacks

Warning issued over ransomware attacks targeting VMware ESXi servers globally

6 Feb 2023
ION Trading reportedly pays LockBit ransom demands
ransomware

ION Trading reportedly pays LockBit ransom demands

6 Feb 2023
Tips for Boosting your Organisation’s Security Posture with Encryption
Sponsored

Tips for Boosting your Organisation’s Security Posture with Encryption

6 Feb 2023