Web hosting giant GoDaddy has reported a data breach to US financial regulators, and warned that the data of 1.2 million customers could have been accessed.
In a filing with the Securities and Exchange Commission, GoDaddy’s chief information security officer, Demetrius Comes, said the company detected unauthorized access to the systems where it hosts and manages its customers’ WordPress servers. WordPress is a web-based content management system used by millions of people to set up blogs or websites. GoDaddy lets customers host their own WordPress installs on its servers.
GoDaddy said the unauthorized person used a compromised password to gain access to GoDaddy’s systems around September 6. GoDaddy said it discovered the breach last week on Nov. 17. It is unclear whether the compromised password was secured with two-factor authentication.
The filing said the breach affected 1.2 million active and inactive managed WordPress users, whose email addresses and customer numbers were exposed. GoDaddy said this exposure could put users at greater risk of phishing attacks. The web host also said that the original WordPress admin password, set when WordPress was first installed, was also exposed; that password could have been used to access the customer’s WordPress server.
The company said active customers had their SFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all of the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which, if misused, could allow an attacker to impersonate a customer’s website or services.
GoDaddy said it is resetting customer WordPress passwords and private keys, and is in the process of issuing new SSL certificates.
The web host has over 20 million customers worldwide. A GoDaddy spokesperson did not immediately comment.