GoDaddy discloses a data breach that impacted up to 1.2 million of its customers, threat actors breached the company’s Managed WordPress hosting environment.
Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17.
“On November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment.” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.”
The intruders used a compromised password to access the provisioning system in the company’s legacy code base for Managed WordPress.
Once identifying the intrusion, the company immediately locked the unauthorized third party out of its system.
The investigation revealed that attackers exploited a vulnerability to gain access to the following customer information:
The investigation is still ongoing and the company is notifying the impacted customers.
The attackers were able to access the above GoDaddy customer information using the compromised password.
This isn’t the first data breach suffered by GoDaddy, in May 2020 the company revealed attackers have compromised users’ web hosting account credentials. The hosting provider submitted a data breach notice with the California Attorney General and revealed that the intrusion took place in October 2019.
(SecurityAffairs – hacking, data breach)