A security breach at domain registrar GoDaddy exposed the details of 1.2 million customers.
On Nov. 17, suspicious activity was detected in the company’s Managed WordPress hosting environment which turned out to be a third-party gaining access with a compromised password. The details were revealed to the US Securities and Exchange Commission by Godaddy’s Chief Information Security Officer, Demetrius Comes.
1.2 Million Users
A total of 1.2 million customers with active and inactive Managed WordPress accounts had their email addresses and customer numbers exposed. The hackers also had access to the WordPress Admin password, as well as the SFTP username and password of clients.
New SSL certificates are being issued to the customers whose accounts were compromised, passwords for their WordPress accounts reset and law enforcement was been notified of the hack. GoDaddy is working with an IT forensics firm to investigate the hack.
Despite the company admitting that email addresses are exposed and are at risk of being phished, Godaddy has not offered any free protection as of yet.
We are taking steps to strengthen our system
The Chief Information Security Officer concludes the disclosure by stating:
“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”