[BreachExchange] GoDaddy says data breach exposed over a million user accounts

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Nov 22 14:05:53 EST 2021


https://news.yahoo.com/godaddy-says-data-breach-exposed-162215494.html

Web hosting giant GoDaddy has reported a data breach with U.S. financial
regulators, and warns that data on 1.2 million customers may have been
accessed.

In a filing with the Securities and Exchange Commission, GoDaddy's chief
information security officer Demetrius Comes said the company detected
unauthorized access to its systems where it hosts and manages its
customers' WordPress servers. WordPress is a web-based content management
system used by millions to set up blogs or websites. GoDaddy lets customers
host their own WordPress installs on their servers.

GoDaddy said the unauthorized person used a compromised password to get
access to GoDaddy's systems around September 6. GoDaddy said it discovered
the breach last week on November 17. It's not clear if the compromised
password was protected with two-factor authentication.

The filing said that the breach affects 1.2 million active and inactive
managed WordPress users, who had their email addresses and customer numbers
exposed. GoDaddy said this exposure could put users at greater risk of
phishing attacks. The web host also said that the original WordPress admin
password created when WordPress was first installed, which could be used to
access a customer's WordPress server, was also exposed.

The company said that active customers had their sFTP credentials (for file
transfers), and the usernames and passwords for their WordPress databases,
which store all the user's content, exposed in the breach. In some cases,
the customer's SSL (HTTPS) private key was exposed, which if abused could
allow an attacker to impersonate a customer's website or services.

GoDaddy said it's reset customer WordPress passwords and private keys, and
is in the process of replacing new SSL certificates.

The web host has more than 20 million customers worldwide. A spokesperson
for GoDaddy did not immediately comment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211122/79e04dc5/attachment.html>


More information about the BreachExchange mailing list