Internet domain registrar and web hosting company, GoDaddy, has told the SEC that, last Wednesday, it noticed that its Managed WordPress hosting environment had been breached with the attacker using a compromised password to gain access. According to the filing, the unauthorised third-party has had access to a provisioning system in the legacy code base for Managed WordPress since September 6 and that user data was compromised.
GoDaddy revealed that the vulnerability gave access to a variety of customer information including 1.2 million active and inactive Managed WordPress customers’ email addresses and customer numbers, some WordPress Admin passwords, sFTP and database usernames and passwords, as well as SSL private keys for a subset of users.
To help secure users’ data, the firm has reset the affected WordPress Admin passwords, it has reset sFTP and database passwords, and it’s in the process of issuing and installing new certificates for customers affected by the SSL private keys breach. If you were personally affected by this breach, GoDaddy will be contacting you with specific details.
Commenting on the breach, Demetrius Comes, Chief Information Security Officer at GoDaddy, said:
“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
To help in its ongoing investigation, GoDaddy is working with an IT forensics firm as well as law enforcement; hopefully, it will be able to find whoever was behind the breach.