GoDaddy recently learned that the impacts of a compromised password can be far-reaching. The domain registrar and web hosting platform revealed on Monday that it had experienced a security breach that disclosed up to 1.2 million email addresses for active and inactive Managed WordPress customers, as well as those customers’ WordPress administrator passwords.
In an announcement about the incident, which the company reported to the Securities and Exchange Commission, GoDaddy said it discovered on Nov. 17 that an unauthorized third party had gained access to its Managed WordPress hosting environment, although the hacker had obtained access on Sept. 6. The company explained that the source of the breach was a “compromised password,” which allowed the hacker to enter the provisioning system in its legacy code base for Managed WordPress.
In addition to the 1.2 million active and inactive Managed WordPress email addresses revealed, customer numbers were exposed. The access to the email addresses opens those customers up to phishing attacks, GoDaddy said. Customers’ original WordPress administrator passwords set at the time of provisioning, or when customers create their new sites, were also accessed. If the passwords were still being used by the affected customers, GoDaddy proceeded to reset them.
The company said that sFTP and database usernames and passwords were also compromised for active customers. Those two passwords were reset as well. Meanwhile, a subset of active customers had their private SSL key compromised, and GoDaddy is currently in the process of issuing and installing new certificates for those affected.
GoDaddy said that upon discovery, it immediately began to investigate the incident, enlisted the help of a third-party IT forensics firm, and contacted the authorities. It also blocked the hacker from its system.
“We are sincerely sorry for this incident and the concern it causes for our customers,” Demetrius Comes, the company’s chief information security officer, said in a news statement, noting that the investigation is ongoing. “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
Gizmodo reached out to GoDaddy on Tuesday to ask for additional information on how the compromised password was obtained and learn more about the additional steps the company was taking to protect its provisioning system. We’ll make sure to update this blog if we hear back.