GoDaddy has just issued a statement that indicates that on November 17th 2021, they discovered unauthorized third-party access to their Managed WordPress hosting environment.
Here is the background on what happened and the steps they took, and are taking, in response:
They identified suspicious activity in their Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.
Using a compromised password, an unauthorized third party accessed the provisioning system in their legacy code base for Managed WordPress. Upon identifying this incident, they immediately blocked the unauthorized third party from the system. The investigation is ongoing, but they have determined that, beginning on September 6th 2021, the unauthorized third party used the vulnerability to gain access to the following customer information :-
Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, they reset those passwords.
For active customers, sFTP and database usernames and passwords were exposed. They have reset both passwords.
For a subset of active customers, the SSL private key was exposed. They are in the process of issuing and installing new certificates for those customers. Their investigation is ongoing and they are contacting all impacted customers directly with specific details. Customers can also contact via the help center (https://www.godaddy.com/help) which includes phone numbers based on country.
GoDaddy has said “We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.