Web registrar and hosting company GoDaddy announced Monday that email addresses of up to 1.2 million active and inactive Managed WordPress customers were accessed by an unauthorized third party using a compromised password.
In a disclosure filed with the SEC, GoDaddy Inc. said that the data breach incident was discovered on Nov. 17. “Upon identifying this incident, we immediately blocked the unauthorized third party from our system,” said Demetrius Comes, the company’s Chief Information Security Officer, in the filing. An investigation is currently ongoing.
Based on findings by IT forensics, the hackers gained access to customer information using the vulnerability beginning Sept. 6. The third party remained undetected for more than 70 days, which is concerning.
Besides email addresses, the customer number was also exposed, which may lead to phishing attacks, according to Comes.
Comes added in the filing: “For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords. For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.”
SSL keys verify the authenticity of websites. When a site is verified, the browser shows a lock symbol beside the URL in the address bar. Malicious groups might use the SSL certificates to impersonate legitimate companies for malware distribution and identity theft. According to security experts, the certificates would need to be replaced as soon as possible with new keys.
The company’s shares (GDDY) fell about 5.25 percent on closing, and its shares were hovering around the $67 mark on Tuesday.
GoDaddy is apparently in touch with the affected customers and is taking steps to strengthen security to prevent another attack. But this is not the first time the company has faced flak over breaches.
In 2018, an AWS error exposed data on its server and cloud storage business with GoDaddy.
Last year, data from almost 28,000 customers were compromised by hackers through an altered SSH file. The breach occurred on Oct. 19, 2019, and was discovered on April 23, 2020.
Again in 2020, the company was part of a group of sites taken down in a cryptocurrency hack.
GoDaddy, based in Tempe, Arizona, is one of the largest hosting companies in the world, with a reported 20 million user accounts and over 7,000 employees.
GoDaddy did not immediately respond to The Epoch Times’ request for comment.