GoDaddy, one of the largest domain registrars, announced that they encountered a major cyber security breach and that the data of 1.2 million WordPress users is at risk. The company disclosed in its disclosure to the US Securities and Exchange Commission that it had discovered unauthorized third-party access to our managed WordPress hosting environment.
Describing the incident, GoDaddy said, “We identified suspicious activity in our managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a tampered password, an unauthorized third party accessed the provisioning system in our legacy code base for managed WordPress.
How a GoDaddy data breach could affect its users
While there are no reports of an incident taking advantage of this data breach, users have to worry that attackers may be using SSL credentials to imitate domains that are owned by legal companies as a major credential theft attack. are or may even be used as part of malware to spread. Other concerns include that the keys could be used to hijack domain names and blackmail companies.
Affected users need to generate new certificates and privacy keys. Another aspect that GoDaddy needs to clarify is whether the exposed certificates and privacy keys were related to the GoDaddy CA or other certificates were also exposed in this data breach.
What data is exposed due to a GoDaddy security breach
According to GoDaddy, as of September 6, 2021, unauthorized third parties used the vulnerability to gain access to:
1. The email addresses and subscriber counts of up to 1.2 million active and inactive Managed WordPress customers were exposed.
2. The original WordPress admin password that was set at the time of provisioning was exposed.
3. For active clients, sFTP and database usernames and passwords were exposed.
4. For some active clients, the SSL private key was exposed.
How GoDaddy is Trying to Fix the Problem
GoDaddy claims that it immediately blocked unauthorized third parties from their systems. It also said that it had reset the WordPress admin password along with SFTP and database username and password. The company is also issuing and installing new certificates for those customers. “Our investigation is ongoing and we are contacting all affected customers directly with specific details. Customers can also contact us through our Help Center (https://www.godaddy.com/help), which includes phone numbers by country.
GoDaddy takes responsibility and says sorry
In a statement to the US Securities and Exchange Commission, GoDaddy CIO Demetrius Comes said, “We are sincerely sorry for this incident and the concern it has caused to our customers. We, GoDaddy’s leadership and employees, share information about our customers’ data. We take the responsibility of protecting our security personnel very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional levels of security.”
read all breaking news, breaking news And coronavirus news Here. follow us on Facebook, Twitter And Wire,
,