GoDaddy has announced that the private data of 1.2 million of its customers could be at risk after the company suffered from a data breach.
The company has promised to improve its protection to stop a similar event from happening in the future. However, in this case, GoDaddy didn’t put measures in place to deal with the incident for over two months, which is a major concern for consumers that use the service.
In a statement, the firm said that it discovered the breach in its systems on 6th September 2021. But, it wasn’t until 17th November that it took steps to block the hackers.
According to GoDaddy’s Chief Information Security Officer, the hackers were able to access GoDaddy’s code base for its Managed WordPress system using a compromised password.
Managed WordPress is a service the company offers its clients in which GoDaddy handles all the technical aspects of running the website on the customer’s behalf for a larger fee.
After realizing the hack had taken place and identifying the issue, GoDaddy employees started an investigation using a private IT forensics firm, as well as contacting law enforcement regarding the matter.
What information was compromised?
The company has informed its customers that the following information had been compromised during the hack:
- Email addresses and contact numbers of up to 1.2 million active and inactive Managed WordPress customers.
- Original WordPress Admin passwords.
- FTP and database usernames and passwords of active customers.
- SSL private key information for a small group of active customers.
There could be a risk of phishing attacks on these customers, so GoDaddy says it will contact anyone affected. Additionally, customers can contact the platform using its online help center.
GoDaddy said, “Upon identifying this incident, we immediately blocked the unauthorized third party from our system. … Our investigation is ongoing,”
“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”