Godaddy reported its third data breach since 2018. The latest data breach entailed unauthorized data access of 1.2 million active and inactive customers.
In a filing with the U.S. Securities and Exchange Commission (SEC), the world’s largest domain registrar, Godaddy stated that a malicious third party obtained access to its WordPress hosting environment using a compromised password.
The third party got hold of sensitive information relating to customers. At this point, it’s not certain whether the compromised password was protected by two-factor authentication.
More than 20 million customers and over 82 million domain names use Godaddy services.
GoDaddy discovered the attack on November 17, and the company is investigating the attack. GoDaddy remarked, “contacting all impacted customers directly with specific details.” The attacker was able to access the following information:
- Email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress customers
- Original WordPress Admin password that was set at the time of provisioning was exposed
- sFTP and database usernames and passwords associated with its active customers, and
- SSL private keys for a subset of active customers
According to Wordfence CEO Mark Maunder, “GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which is both industry best practices.”