According to a statement filed with the SEC on Monday, GoDaddy suffered a security breach that gave an attacker access to more than 1 million email addresses belonging to the company’s active and inactive Managed WordPress subscribers.
According to GoDaddy, the attacker gained access to a provisioning system (used to set up and automatically configure new sites when customers create them) in early September by “using a compromised password.” The company discovered the intrusion on November 17th and immediately locked out the attacker before conducting an investigation and contacting law enforcement.
The hackers had access to more than just email addresses; they also had access to the original WordPress admin passwords set by the provisioning system, as well as the credentials for active users’ databases and sFTP systems. According to the firm, some users’ private SSL keys were also exposed; these keys are responsible for proving that a website is who it claims to be (powering the little lock icon you often see in your browser’s address bar).
GoDaddy said it’s attempting to fix the problem by resetting impacted passwords and, if necessary, regenerating security certificates. While the corporation claims to be “contacting all impacted consumers personally with detailed data,” dealing with a password reset will likely be a hassle for some of its users.
GoDaddy did not immediately respond to a request for comment on how the attacker obtained the password that the business claims was used to gain access to its systems. However, the notification does state that the probe is still underway.
Phishing or social engineering has been blamed for recent attacks at other firms (though there have also been instances of simply poor password security). GoDaddy has a bad history when it comes to testing its employees’ cybersecurity awareness with bogus emails, but attackers only need to get lucky once to gain access to massive amounts of data.