GoDaddy, a domain registrar, has revealed details of a significant security breach that exposed the personal information of 1.2 million clients. Customer email addresses, as well as WordPress and database login credentials, were made public.
Demetrius Comes, GoDaddy’s Chief Information Security Officer, detailed the intrusion in a filing with the US Securities and Exchange Commission. On Nov. 17, suspicious activity was noticed in the company’s Managed WordPress hosting environment, which turned out to be a third party gaining access through a compromised password.
The email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress customers were exposed. The third party also had access to these accounts’ WordPress Admin passwords, as well as the active customers’ sFTP database username and password. The SSL private key was also exposed for a “subset of active clients.”
GoDaddy is working with an IT forensics firm to investigate the incident, and law enforcement is also involved. Passwords for WordPress accounts and database access have already been changed, and impacted customers have received new SSL certificates.
Although the corporation acknowledges that the exposure of email addresses puts users at risk of phishing attempts, no offer of free protection has been made.
The company has shared an official statement on the matter, which is as follows:
“We apologize for this situation and the anxiety it has caused our consumers. We, at GoDaddy, take our obligation to secure our clients’ data extremely seriously, and we never want to disappoint them. We will take efforts to tighten our provisioning system with extra layers of protection as a result of this occurrence.”