GoDaddy suffered a massive data breach that gave the attacker access to over 1.2 million email addresses belonging to active and inactive Managed WordPress users. The company disclosed the breach in an SEC filing on Monday.
The attacker used a “compromised password” to gain access to a system in GoDaddy’s legacy codebase for Managed WordPress that sets up and automatically configures new sites. GoDaddy noticed the intrusion on November 17 and locked the attacker out before contacting law enforcement and launching its investigation with the help of an unnamed IT forensic firm.
GoDaddy says that their “investigation is ongoing, and we are contacting all impacted customers directly with specific details.” However, the company has been somewhat vague in its description of the attack so far.
Another bug in the closet?
While the intrusion may have been detected on November 17, an initial investigation has revealed that the attacker had had access to the data since September 6. According to the filed disclosure, the following customer information has been leaked:
- Up to 1.2 million active and inactive Managed WordPress users’ email addresses and customer numbers.
- Original WordPress admin password set up at the time of provisioning the site.
- sFTP and database credentials for active users.
- SSL private keys for a subset of active customers.
As mentioned before, there have been no details on how the hack actually took place except that the attacker gained access to GoDaddy’s provisioning system in their legacy code base for Managed WordPress using a compromised password.
How this password was compromised and how the attack was carried out will only become clear as the company proceeds with its investigation and publishes further details. As for the potential consequences of such a large breach, these 1.2 million email addresses could be a hunting ground for phishers and scammers.