The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.
Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers.
On Monday, the world’s largest domain registrar said in a public filing to the SEC that an “unauthorized third party” managed to infiltrate its systems on Sept. 6 – and that the person(s) had continued access for almost two and a half months before GoDaddy noticed the breach on Nov. 17.
“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Demetrius Comes, GoDaddy CISO, said in the website notice.
Specifically, the attackers compromised GoDaddy’s Managed WordPress hosting environment – a site-building service that allows companies and individuals to use the popular WordPress content management system (CMS) in a hosted environment, without having to manage and update it themselves.
“Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress,” according to Comes.
The information the lurking cybercriminal(s) was/were able to purloin is a mixed bag. The Scottsdale, Ariz.-based firm said that it included:
- Emails and customer numbers for 1.2 million active and inactive Managed WordPress customers
- sFTP and database usernames and passwords for active customers (passwords are now reset)
- SSL private keys “for a subset of active customers,” used to authenticate websites to internet users, enable encryption and prevent impersonation attacks. GoDaddy is in the process of issuing and installing new certificates for affected customers.
What should you do?
- Update database passwords
- Update SFTP usernames and passwords
- Update account Passwords
- Update all your WordPress Core software and plugins
Need assistance with WordPress website data breaches? Town Press Media is here to assist with your website data breaches. Call us at 512- 522-9008 or send an email today.