External investigation finds breach dates back more than two months
The personal data of more than 1.2 million GoDaddy customers was exposed after cybercriminals breached its WordPress hosting service, the company has admitted.

In a statement filed with the US Securities and Exchange Commission, the internet infrastructure firm said it confirmed the breach on November 17 after detecting suspicious activity on its managed WordPress hosting environment.

A subsequent incident response investigation by an external IT forensics firm uncovered evidence that the breach dates back more than two months, following an initial intrusion dating back to September 6.

"Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress," according to the domain registrar and web hosting firm.

Tangled web
WordPress said it has blocked the intrusion but not before the exposure of a range of sensitive information.

Up to 1.2 million active and inactive Managed WordPress customers had their email address exposed.

Users' sFTP and database usernames and passwords were all exposed because of the breach. These passwords have been reset.

For a subset of active customers, the SSL private key was exposed. GoDaddy is in the process of issuing and installing new certificates.

Fresh phish
Following news of the breach, website administrators were warned that miscreants may seek to abuse the leaked credentials to construct convincing phishing attacks designed to trick recipients into handing over even more sensitive information.

Independent security experts advised that the deployment of multi-factor authentication to WordPress environments, best practice in normal circumstances, would be particularly helpful to GoDaddy customers in the aftermath of this breach.

Ed Williams, director of Trustwave's SpiderLabs research division, commented: "Enterprises, SMBs, and individuals using frequently targeted platforms like WordPress should ensure they are following strong password best practices: complexity, frequent password changes, not sharing passwords between applications, and multi-factor authentication."

"If possible, utilize an authenticator app to secure your account instead of traditional two-factor authentication via SMS, as hackers have recently been targeting users with specialized SMS phishing," Williams added.

Other third-party security vendors noted that this isn't the first time GoDaddy has suffered a security incident.

Matt Sanders, director of security at LogRhythm, said: "Unfortunately, this incident is the fourth time in the last few years GoDaddy has suffered a data breach or cyber-attack."

This month's data breach follows the hacking of a cryptocurrency domain managed by GoDaddy last November, an unauthorized user who breached 28,000 accounts last May, and an AWS error that exposed GoDaddy server data in 2018.

"When an organization experiences a cyber-attack, it can signal a lack of proper security controls and policies, making the organization an even more appealing target for cybercriminals," Sanders concluded.