On Monday, the web-hosting giant GoDaddy announced that it had suffered a data breach affecting up to 1.2 million of its customers.
In a filing with the U.S. Securities and Exchange Commission, Demetrius Comes, GoDaddy’s chief information security officer, clarified the nature of the breach and what steps GoDaddy has taken to resolve the situation.
Comes explained how, on November 17, the company discovered that “an unauthorized third party” had managed to use a compromised password to gain access to old source code for its Managed WordPress platform — the system the company uses to host and manage its customers’ WordPress websites.
1.2 million email addresses and customer numbers exposed
The hacker was able to access massive amounts of sensitive customer data, including up to 1.2 million active and inactive customers’ email addresses and customer numbers. Usernames and passwords were also compromised — original WordPress administrative account passwords, and usernames and passwords linked to customers’ databases and file management systems. As a precautionary measure, GoDaddy has reset any at-risk passwords.
A subset of active customers also had their SSL private keys exposed. An SSL private key is an essential file used for encrypting and decrypting data sent between a website’s server and its users. Currently, GoDaddy is still in the process of issuing new SSL private keys to affected customers.
While the breach wasn’t discovered until mid-November, GoDaddy determined through its investigation that the hacker had been able to access its system since September 6th. After identification of the incident, the company immediately blocked the hacker’s access.
GoDaddy warned that the exposure of its customers’ email addresses presented an increased risk of phishing attacks.
Looking for bulletproof protection against data leaks?
Then why not claim your Trend Micro™ Password Manager 30-day free trial today! ID Security can monitor the internet and the dark web for your personal data — 24/7! If your data is leaked, you’ll be the first to know!
Scan the QR code below to download Trend Micro ID Security for Android/iOS now:
Or click the button for more information about Trend Micro ID Security: