In a recent cyberattack against GoDaddy, a web hosting company, an unauthorized third party had access to its systems by exploiting a vulnerability through a compromised password. GoDaddy disclosed in a filing to the Securities & Exchange Commission (SEC) on Monday that the unauthorized third-party access had exposed the email addresses of up to 1.2 million current and inactive Managed WordPress customers.
In a world where there is increased data processing, it is accompanied by concerns of data breach, and there is an obligation on organisations to adequately protect personal data. This obligation was breached when on Monday, 21st November 2021, GoDaddy, the world’s largest domain registrar based in the United States disclosed in the statement that the “unauthorized third party” managed to infiltrate its systems on 6th Sept 2021, but it was not detected until last week.
GoDaddy is a platform that provides many services, from domain to web hosting. GoDaddy’s website builder uses AI to help make building your site as easy as possible, using the information you enter to generate a site for you.
Hear from GoDaddy
In the statement signed by its Chief Information Security Officer, Demetrius Comes, GoDaddy said, we identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.
Upon identifying this incident, we immediately blocked the unauthorized third party from our system. Our investigation is ongoing, but we have determined that beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information:
- Up to 1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed. The exposure of email addresses presents risk of phishing attacks. The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.
- For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
- For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.
Our investigation is ongoing, and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center (https://www.godaddy.com/help) which includes phone numbers based on country.
Insight
According to GoDaddy, the cyber attackers were able to get access to this information through a compromised password which GoDaddy claims to have now reset. However, the company did not share plans on how to further strengthen its security and protection. In the filing, GoDaddy just said accounts affected in this incident had their passwords reset.
This means that those whose emails, customer numbers, and (or) passwords have been compromised can be victims of phishing, as it is now part of a bank of emails that could be used for mass phishing attacks The breach has also led to a drop in the stock value of GoDaddy by 7.47% in the last 5 days on the New York Stock Exchange (NYSE) and a further reduction in the trust that the public has in the company.
With the rise of cyberattacks in recent times, questions are being asked on how the personal data of individuals and corporate entities can be better protected.