Site icon The Cybersecurity Daily News

GoDaddy data breach affected users



Godaddy reported its third data breach since 2018. The latest data breach entailed unauthorized data access of 1.2 million active and inactive customers.

In a filing with the U.S. Securities and Exchange Commission (SEC), the world’s largest domain registrar, Godaddy stated that a malicious third party obtained access to its WordPress hosting environment using a compromised password.

The third party got hold of sensitive information relating to customers. At this point, it’s not certain whether the compromised password was protected by two-factor authentication.

More than 20 million customers and over 82 million domain names use Godaddy services.

Also read,

GoDaddy discovered the attack on November 17, and the company is investigating the attack. GoDaddy remarked, “contacting all impacted customers directly with specific details.”  The attacker was able to access the following information:

According to Wordfence CEO Mark Maunder, “GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which is both industry best practices.”

Exit mobile version