Security Breach in GoDaddy Impacts Over 1 Million WordPress Customers

The damage from a compromised password can be extensive, and one popular web platform has recently realized it at a steep cost. The web hosting and domain registrar platform GoDaddy recently revealed that a security breach through a compromised password resulted in the disclosure of 1.2 million email addresses of its WordPress customers.

The Incident

The company promptly reported the incident to the Securities and Exchange Commission. In the official announcement, GoDaddy reported detecting unauthorized third-party access to its Managed WordPress hosting environment. Though the hacker gained access on September 6, the breach was discovered only on November 17. The company further explained that a ‘compromised password’ was the source of this security breach, allowing the hacker or hackers to enter the provisioning system in its Managed WordPress legacy codebase.

The Consequence

As a dire consequence, the third-party security breach exposed a total of 1.2 million Managed WordPress email addresses and passwords, along with the customer numbers, for both active and inactive customers. Access to the email accounts has left customers vulnerable to compromise of their original WordPress administrator passwords, which are set at the time of initial provisioning. The passwords used by customers while creating new sites were also accessed. GoDaddy proceeded to reset those passwords if any affected customer was still using them.

The Measures Taken

After apologizing to its worldwide users, GoDaddy confirmed that upon discovery the company immediately started to investigate the whole incident, with the help of a third-party IT forensics firm and related authorities. The first step was to block the hacker entirely from its system. As the SFTP and database usernames and passwords of active customers were also exposed, the company promptly reset both of those passwords. Additionally, the SSL private key of a subset of active customers was compromised, which the company is now rectifying by issuing and installing new certificates for the affected users.