GoDaddy Inc, on Monday, filed a disclosure to SEC (Securities and Exchange Commission) regarding a data and security breach. This web host has over 20 million customers world wide.
The Chief Information Security Officer, Demetrius Comes, said in the filing, “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.”
According to this filed disclosure, more than 1 million of GoDaddy’s Managed WordPress users’ data was compromised.
“Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.” Demetrius Comes said. This happened around September 6th, 2021 and GoDaddy noticed it on 17th of November.
The company says they immediately shut the attacker out of their systems, restricted the access. However, a lot of harm has occurred. This “unauthorized third-party” had access to everything for over a month and a half.
What’s Compromised?
Data breaching is a form of cyber attack, where information is stole from a system. This can lead to financial loss, identity theft, and legal issues, to name a few.
Many things were exposed during this security breach. This is including but not limited to: email addresses, customers numbers, SSL private keys (the lock that appears before the web address) of a group of customers. Database and sFTP (for file transfer) usernames and passwords were exposed too.
Almost all of this information, as you can notice, is linked to users’ private information.
GoDaddy is yet to comment on the on-going investigation about it. They also refused to comment on how the attacker got to the sensitive information.
What Are They Doing Now?
They’re actively trying to reverse all the harm this attack caused.
GoDaddy is issuing and installing new certificates to the customers whose data was exposed. They also claimed to be directly contacting the impacted customers with specific details.
There has been no further information about this from the company.
What to do if you’re data is breached? Here are some steps you can take.
[…] on the internet is always a risk. Even a web-host like GoDaddy’s data can be breached. It’s on the users to take precautions and proceed as safely as […]