Registrar GoDaddy shared details of a serious security breach that exposed the details of 1.2 million customers.
In a disclosure to the US Securities and Exchange Commission, GoDaddy's Director of Information Security, Demetrius Comes, shared details about the intrusion. Suspicious activity was discovered on November 17 in the company's Managed WordPress hosting environment, which turned out to be a third party using a compromised password to gain access.
Up to 1.2 million active and inactive customers of Managed WordPress had their email addresses and customer numbers exposed. The third party also gained access to the WordPress admin password for these accounts, as well as the sFTP database username and password for active customers. For a "subset of active clients" the SSL private key was also displayed.
GoDaddy is investigating the hack with the help of an IT forensics firm and law enforcement has been involved. Passwords for WordPress accounts and database access have already been reset and new SSL certificates are being issued to affected customers.
Although the company admits that the exposed email addresses pose a risk of phishing attacks, so far there has been no offer of free protection.
Comes concludes the disclosure by stating:
"We sincerely regret this incident and the concern it causes our customers. We, the leadership and employees of GoDaddy, take our responsibility to protect our customers' data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our delivery system with additional layers of protection."
