
New GoDaddy data breach impacted 1.2 million customers

Security Affairs

GoDaddy suffered a data breach affecting up to 1.2 million of its managed WordPress customer accounts.

GoDaddy disclosed a data breach that affected up to 1.2 million customers after threat actors compromised the company’s managed WordPress hosting environment.

Threat actors had compromised the company’s network since at least September 6, 2021, but the company did not discover the breach until November 17, 2021.

“We discovered unauthorized third-party access to your managed WordPress hosting environment on November 17, 2021,” said Demetrius Comes, Chief Information Security Officer, GoDaddy. “We identified suspicious activity in our managed WordPress hosting environment and, with the help of an IT forensics company, immediately launched an investigation and contacted law enforcement. An unauthorized third party has used a compromised password to gain access to our existing code-based provisioning system for Managed WordPress.”

The attacker used a compromised password to access the provisioning system on the company’s legacy code base for Managed WordPress.

After identifying the intrusion, the company immediately blocked unauthorized third parties from the system.

The investigation revealed that the attacker used the compromised password to gain access to the following customer information:

  • Email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress customers were exposed. Exposure of an email address puts its owner at risk of phishing attacks.
  • The original WordPress admin password set during provisioning was exposed. If those credentials are still in use, reset those passwords.
  • For active customers, sFTP and database usernames and passwords were exposed. Reset both passwords.
  • SSL private keys were exposed for a subset of active customers. GoDaddy is issuing and installing new certificates for these customers.

The investigation is still ongoing and the company is notifying affected customers.

With the compromised password, the attacker could access the GoDaddy customer information listed above.

In May 2020, GoDaddy revealed that an attacker had compromised a user’s web hosting account credentials. The hosting provider filed a data breach notification with the California Attorney General, in which it said the break-in occurred in October 2019.


Pierluigi Paganini
