Web hosting giant GoDaddy has reported a data breach, warning that the data of 1.2 million customers may have been accessed. GoDaddy’s chief information security officer, Demetrius Comes, reported in a filing with the Securities and Exchange Commission that unauthorized access had been found to the systems where the company hosts and manages WordPress servers for customers. WordPress is a web-based content management system used by millions of people to create their blogs and websites. GoDaddy allows customers to host their own WordPress installations on its servers.
GoDaddy says the exposure may put users at risk of phishing attacks. The web host also said the original WordPress admin password, which was created when WordPress was first installed and can be used to access a customer’s WordPress server, was also exposed. According to the company, active customers’ sFTP credentials (used for file transfers) and the usernames and passwords for their WordPress databases, where all user content is stored, were exposed.
GoDaddy said an unauthorized person used a compromised password around September 6 to access GoDaddy’s systems. GoDaddy said it discovered the vulnerability last week, on November 17th. It’s not clear whether the compromised password was protected by two-factor authentication. According to the filing, the breach affected 1.2 million active and inactive managed WordPress users, whose email addresses and customer numbers were exposed.
keys are exposed and misused could allow an attacker to impersonate a customer’s website or service. GoDaddy said it was in the process of resetting customers’ WordPress passwords and private keys and issuing them new SSL certificates. The web host has over 20 million customers worldwide. GoDaddy spokesman Dan Race declined to comment, citing the company’s ongoing investigation.