GoDaddy has revealed that the domain registrar suffered a security breach that gave attackers access to the data of more than 1 million active and inactive Managed WordPress users. In a filing with the Securities and Exchange Commission (SEC), GoDaddy's chief information security officer, Demetrius Comes, said the company detected suspicious activity in its Managed WordPress hosting environment.
Comes said that the attacker gained access using a "compromised password" around September 6; the company discovered the break last week on November 17. "Upon identifying this incident, we immediately blocked the unauthorized third party from our system," the report said.
"Our investigation is ongoing, but we have determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access" to customer information.
GoDaddy's breach exposed the following data:
- Email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress customers.
- The original WordPress Admin password. GoDaddy says it has reset those passwords.
- sFTP and database usernames and passwords were exposed, which have also been reset.
- The SSL private key was exposed for a subset of active customers. "We are in the process of issuing and installing new certificates for those customers," the company said.
The company has more than 20 million customers worldwide, which makes any breach impact a vast chunk of users. GoDaddy is yet to reveal how the unauthorized person gained access to the password that led to this data breach.