Domain registrar GoDaddy has shared details of a serious security breach which saw the details of 1.2 million customers exposed.
In a disclosure to the US Securities and Exchange Commission, GoDaddy’s Chief Information Security Officer, Demetrius Comes, shared details of the hack. Suspicious activity was discovered on Nov. 17 in the company’s Managed WordPress hosting environment, which turned out to be a third-party using a compromised password to gain access.
Up to 1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed. The third-party also gained access to the WordPress Admin password for these accounts, as well as the sFTP database username and password for active customers. For a “subset of active customers” the SSL private key was also exposed.
GoDaddy is investigating the hack with the help of an IT forensics firm and law enforcement has been involved. The passwords for the WordPress accounts and database access have already been reset, and new SSL certificates are being issued to affected customers.
Although the company admits email addresses being exposed does present the risk of phishing attacks, as yet no offer of free protection has been forthcoming.
Comes concludes the disclosure by stating:
“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”