The email addresses, customer numbers and, in some cases, private SSL keys of GoDaddy users have been compromised in a data breach.
An unauthorized third party gained access to the GoDaddy Managed WordPress hosting environment via a compromised password. The organization noticed suspicious activity on November 17 and contacted an IT investigative firm and law enforcement regarding the breach.
The organization determined that the cyber actor had access to the GoDaddy system beginning on September 6, 2021. Compromised information includes the email addresses and customer numbers of up to 1.2 million Managed WordPress users; the Secure File Transfer Protocol (SFTP) and database login information for active users; and the SSL private keys of some users.
GoDaddy has reset affected user passwords and is installing new certificates for users with compromised SSL private keys.
Danny Lopez, CEO at Glasswall, commented on the implications of the breach. Lopez said, “Reports of hackers gaining access to web hosting companies such as this are troubling, given the amount of data such businesses hold and the ramifications if it falls into the wrong hands.
Organizations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It’s vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible, is a vital defense where user credentials find their way into the public domain. This will help to limit the blast radius, and in most cases, defeat the data breach.”