Today, hosting giant GoDaddy announced that it had been the victim of a severe cybersecurity breach which may well have exposed over 1 million user accounts to bad actors for a period of over three months.
GoDaddy said they discovered the breach on 17 November, and that the hack had begun on 6 September using compromised credentials - specifically a compromised password. The data of over 1.2 million WordPress users has been exposed to this unauthorized third party ever since. The attackers will have been able to access usernames and passwords, email addresses, and even private SSL keys.
In their SEC filing, Chief Information Security Officer Demetrius Comes said: “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement”.
GoDaddy’s filing went on to say that the exposed data would likely put the affected users at risk of further phishing attacks, and the original WordPress admin password which can be used to gain access to a customer’s WordPress server was also exposed. Along with sFTP credentials and the SSL keys, this could even mean that the third parties might be able to impersonate a user’s website.
GoDaddy’s shares fell by approximately 1.6% as a result, and they have stated that they are working to fix the problem and investigate the breach, and blocked the attackers as soon as the hack was discovered. All passwords and keys have been reset, and new SSL certificates will be issued shortly.
GoDaddy have said they will contact all affected users directly with next steps.
This is not GoDaddy’s first brush with a major cybersecurity breach. A similar incident in May last year also exposed account credentials, although not on this scale.
Breaches like this demonstrate how important good online hygiene and constant vigilance are when it comes to cybersecurity. Although attacks can never be 100% prevented, the severity of this particular breach is partially down to the length of time it took to detect. Staying on top of your cybersecurity can make a big difference when it comes to avoiding or mitigating significant incidents such as these.