GoDaddy Hacked! 12 Lakh Users’ Critical WordPress Data Exposed (What To Do Next?)


GoDaddy says it “blocked the unauthorized third party” but the investigation is still on.

Web hosting giant GoDaddy suffered a large-scale data breach affecting nearly 1.2 million customers.

Discovery Of Breach

The breach was discovered on November 17 with unauthorized “third-party access” to its “Managed WordPress hosting environment.”

However, it is suspected that the access likely began on September 6, well before GoDaddy discovered the issue.

It then launched an investigation with an IT forensics team and contacted law enforcement as well.

How Did It Happen?

The unauthorised third-party access took place using “a compromised password”.

The perpetrators then gained access to the “provisioning system in the legacy code base for Managed WordPress.”

GoDaddy says it “blocked the unauthorized third party” but the investigation is still on.

Which Data Were Exposed?

1.2 million active and inactive Managed WordPress customers were affected since their email address and customer number was exposed.

Theft of email addresses is a grave issue since it heightens the risk of phishing attacks where cybercriminals send emails to users to extort further account details.

The original WordPress Admin password was also exposed, but was reset if they were still in use.

sFTP (Secure File Transfer Protocol) and database usernames and passwords of active customers also got leaked but GoDaddy says they have reset both passwords.

Security Certificate

For some, the SSL private key was exposed and the company is in the “process of issuing and installing new certificates for those customers.”

This information is crucial as it is an important part of the website’s SSL (Secure Sockets Layer) certificate.

This is what authenticates the website to the internet and can be abused to impersonate a customer’s website or services.

Fixing The Mess

It is contacting all impacted customers directly with specific details and customers can contact the company through its help centre.

Corrective measures it has taken include resetting affected customers’ private keys and issuing new SSL certificates.

How You Can Protect Yourself

According to cybersecurity experts, protective measures users can employ include following strong password best practices:

  • Complexity
  • Frequent password changes
  • Not sharing passwords between applications
  • Multi-factor authentication

Comments are closed, but trackbacks and pingbacks are open.