GoDaddy breach exposes 1.2 million customer accounts
Domain registrar and web hosting company GoDaddy has revealed that it suffered a data breach in which the data of 1.2 million users may have been accessed.
In a filing with the Securities and Exchange Commission (SEC), the company’s information security officer Demetrius Comes explained that “unauthorized third parties” have gained access to its managed WordPress hosting environment.
For those unfamiliar with it, WordPress is a content management system (CMS) used by millions of sites around the world to manage blogs and websites. Like other hosting providers, GoDaddy offers WordPress hosting alongside shared hosting, VPS servers, dedicated servers, and more.
According to GoDaddy, the unauthorized party gained access to the system around September 6 by using a compromised password. However, it wasn’t until last week, on November 17, that the company discovered the breach.
Compromised User Accounts
In its SEC filing, GoDaddy said that the breach affected 1.2m active and inactive WordPress users, whose email addresses and customer numbers were exposed.
The company also said that the original WordPress admin password, which was created when WordPress was first installed, was also exposed. With this password in hand, an attacker can access a customer's WordPress server.
GoDaddy also revealed that active customers had their SFTP credentials and the usernames and passwords for their WordPress databases, which are used to store all their content, exposed in the breach. In some cases, customers' SSL private keys were exposed as well; if abused, such a key can allow attackers to impersonate a customer’s website or other services. GoDaddy has reset customers' WordPress passwords and private keys, and is currently in the process of issuing new SSL certificates.
We will likely hear more details about this data breach after GoDaddy finishes conducting a full investigation into the incident.