GoDaddy, one of the world’s leading domain registration and hosting platforms, has been the victim of a security incident. It would have exposed the data of more than 1.2 million customers They use the WordPress content management system hosted on their own servers.
The problem came to light this Monday in a GoDaddy filing with the US Securities and Exchange Commission. The company said that an unauthorized person used a compromised password to access its WordPress hosting environment on September 6 of this year.
However, GoDaddy discovered the security incident on November 17. after detecting suspicious activity and initiate an investigation that is still ongoing. Once the compromised access passwords were identified, they were renewed, but the data would have been leaked.
The presentation talks about the leak of email addresses and customer numbers than 1.2 million GoDaddy users using the managed WordPress system. This can present a higher risk of phishing attacks for data breach victims.
This is not the first time that GoDaddy has suffered a security incident
GoDaddy also points out that the security breach exposed usernames and passwords for logins SFTP and databases of WordPress. In some cases, the SSL private key (HTTPS), so the company is in the process of providing new certificates.
Customers, for their part, may need to identify in the section My products the new access data to use the SFTP and the databases of your managed WordPress. Also, be attentive to the new SSL certificates that the company is in the process of issuing so that they can replace them.
GoDaddy’s chief information security officer, Demetrius Comes, says the investigation into what happened is still ongoing. He also points out that the company is working with law enforcement and a specialized IT firm. They seek to prevent this type of incident from being repeated in the future.
The truth is that this is not the first time that the company suffers a security breach. In 2018, due to a failure in Amazon Web Services (AWS), GoDaddy’s internal data was exposed. In 2020, 28,000 hosting service accounts were compromised by a security incident.